FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
nithincs
Staff
Staff
Article Id 191909
Description
Disable the backup option of the FortiClient configuration in FortiClient standalone mode.

Latest FortiClient application for windows can be downloaded from https://www.forticlient.com/downloads
Forticlient version can be downloaded from https://support.fortinet.com/

After installing the FortiClient , user can do restore/backup of the configuration and reload it to the application running in different PC.
This behaviour can be changed if the user wants to disable the backup option for the end user.

This article describes how to prevent backup attempts.

Solution
In order to restrict VPN user from restore/backup configuration, follow these steps.

1) Install a FortiClient in a Windows PC.

For VPN only FortiClient, select 'Secure Remote Access' option or select all the components. ('Security Fabric Agent' will be defaulty selected).





2) Configure VPN settings to connect FortiGate.

3) Select  FortiClient lock icon at right bottom corner and allow the security popup.




5) Go to 'Settings' and select lock icon at left top corner and that password window will popup.

Enter the password and reconfirm password for the standalone FortiClient lock.





6) Take the backup from Settings -> System.

7) Edit the backup file using a text editor and find the following lines.
<?xml version="1.0" encoding="UTF-8" ?>
<forticlient_configuration>
    <forticlient_version>6.0.9.277</forticlient_version>
    <version>6.0.9</version>
    <exported_by_version>6.0.9.0277</exported_by_version>
    <date>2020/04/22</date>
    <partial_configuration>0</partial_configuration>
    <os_version>windows</os_version>
    <os_architecture>x64</os_architecture>
    <system>
        <ui>
            <disable_backup>0</disable_backup>                                         <----- Change integer value 0 to 1 to disable backup   .           
           
8) Save the configuration and share the configuration backup with end user.

Once the VPN user install the FortiClient and restore the configuration backup( Settings -> System and use the 'Restore' button).

User will no more be able to take the backup or restore the backup.
User will be able to restore/backup the configuration by unlocking the FortiClient using lock password.

Note.

To restore the backup, end user must install the same  version used to configure configuration.
Make sure user select same  setup type while installing FortiClient in all the client PC (refer step 1) ).


Contributors