What's the point of FortiClient Application Firewall?

Forum|Forum|1 year ago
February 12, 2025
1 reply
423 views

I've had it managed with EMS and enabled for my endpoint profiles for years, but never gave it much thought before. Specifically, the categories that you can enable, block, or monitor. If my endpoints are behind a Fortigate with web and application filters, the application firewall policies seem redundant.

I have all the categories set to approve, because I want to control that with my FG, not EMS profiles. I do have the "Block Known Communication Channels Used by Attackers" so I guess that's some good it's doing.

FortiGate

AEK

SuperUser

In the policy I enable "Profile (off-fabric)", so when off-fabric I enable the app filter and web filter, and when on-fabric I disable them to let FortiGate do the job.

AEK

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded