FortiClient 5.2.1 - How disable ads, links, prompts to install other features, etc.?

obrienw · ‎11-12-2014

We moved to FC 5.2.1 for pre-logon SSL-VPN after the debacle of the 4.5.3 updater trying to automatically install an entire security suite on top of our existing one. Someone eventually dug up a registry hack to stop that. And now I find out that 5.2.1 is still prompting users to add on the additional security features after explicitly installing VPN Components only.

How do I turn that off???

At no point in time should a regular user in an enterprise environment ever be prompted or offered the option of changing the security software on their computer; that's strictly an administrative function. What's so hard about this? It's completely baffling to me why I have to put so much work into preventing FortiClient from pwning my computers.

jvanderzee · ‎01-02-2015

I have tried to work with support to see if these ads can be removed without needing to register to a Fortigate. No other VPN client I know has this ad annoyance. I've given feedback to Fortinet on this topic and have not heard a response. If you use the FortiClient 5.2.0 (Download from your support login), backup the config and restore with the <ads>0</ads> tag altered (From 1 to 0) it will remove the ads for you. For Forticlient 5.2.1 and 5.2.2 this backup and restore of the config to remove the ads does not work anymore. I'm guessing this is some sales ploy but I find it absurd for users needing only the VPN functionality from Fortinet. This has already annoyed some of my clients and instead leads me to look at other NGFW vendors rather than purchase the products forced in your face with every VPN connection.

View solution in original post

Christopher_McMullan · ‎01-07-2015

I think you may have missed the mark, bartman10. I'll explain a little more of what lies behind my reasoning. Whether you believe me or still think the same way afterwards is up to you - I'll leave you the last word.

I contribute technical answers on the forums voluntarily to fill a need for more trained engineers to weigh in on what we've seen, what can be helpful in resolving issues, etc. I suggested pursuing a New Feature Request because I know from experience that it works - it's the most effective way right now to see the product changed.

************************************************************************************

I challenge you to find a company that gives the highest priority for product enhancements to forum posts. They may listen to forum posts, but sales still drive the biggest, quickest changes.

Submitting a New Feature Request allows you/Fortinet to do the following:

-bring attention to a needed/desired change

-vet the issue for all required technical points and dimension

-identify a purchase which hinges on Fortinet doing what other vendors and competitors are demonstrably doing better or at a lower cost

-give Fortinet an exact idea of how much money is at stake if the sale is lost

It can seem as if sales is a muddy way of determining what administrators really want, but no one will buy a company's product if it falls behind in needed security features, or if they can find a better deal elsewhere. Cost, performance, and security mean products sell. A publicly-traded UTM company must respond to changes that will make a profit/sales impact.

If you can make a business case for an ad-free VPN-only version of FortiClient that is unlicensed (you can already strip ads via the FortiClient Configurator by creating custom .msi and .mst installers), then it will likely be implemented.

Aside from purely financial imperatives, submitting an NFR does two other things: it (i) gives you ownership over the change; and (ii) allows proper and formal project management decisions to be made based on the request. All projects need a relative priority, which the sales and business case can help to set, and in case you need to be consulted for more feedback, or to refine the feature, you have a stake in making sure the feature is released *exactly* in the way you want.

************************************************************************************

</THIS IS MY PERSONAL OPINION>

If you have concerns over whether your SE is responding in a timely manner to your feedback, or you doubt if features are really being pursued, they should hear about it directly. The system should work - it shouldn't be left broken.

Receiving feedback through any channel is better than people silently harboring grievances and walking away. For my part, I hope my comments help direct you to the best resource who can champion your request.

Regards, Chris McMullan Fortinet Ottawa

View solution in original post

bartman10 · ‎11-17-2014

I can't agree more.. Come on FortiNet.. how freeken tacky.. 3 banner bars of adds for your stuff in my clients VPN... dood.. really... tell the marketing people to chill!

And Fortinets answer is just like a spammer (well you can opt out) by screwing with these registry keys and values in the XML file... that oh.. by the way you have to do on every client and there is no default way to disable it unless you license the full FortiClient...

Thanks bro!

300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.

Over 100 WiFi AP's and growing.

FAZ-200D

FAC-VM 2 node cluster

Friends don't let friends FWF!

jvanderzee · ‎01-02-2015

I have tried to work with support to see if these ads can be removed without needing to register to a Fortigate. No other VPN client I know has this ad annoyance. I've given feedback to Fortinet on this topic and have not heard a response. If you use the FortiClient 5.2.0 (Download from your support login), backup the config and restore with the <ads>0</ads> tag altered (From 1 to 0) it will remove the ads for you. For Forticlient 5.2.1 and 5.2.2 this backup and restore of the config to remove the ads does not work anymore. I'm guessing this is some sales ploy but I find it absurd for users needing only the VPN functionality from Fortinet. This has already annoyed some of my clients and instead leads me to look at other NGFW vendors rather than purchase the products forced in your face with every VPN connection.

dmux · ‎01-15-2015

jvanderzee wrote:
If you use the FortiClient 5.2.0 (Download from your support login), backup the config and restore with the <ads>0</ads> tag altered (From 1 to 0) it will remove the ads for you.

jvanderzee, did adding the <ads>0</ads> to your config actually work for 5.2.0? I haven't been able to get it to work (on OSX). One thing I noticed was that when backing up a 5.2.2 or 5.2.1 configuration the <ads> tag was already present in the config UI section, but set to 1. When backing up 5.2.0, there was no <ads> tag and I needed to add it manually. Like I said though, I haven't been able to disable the ads in any of the versions. Did you have any luck?

jvanderzee · ‎01-15-2015

dmux wrote:
jvanderzee wrote:
If you use the FortiClient 5.2.0 (Download from your support login), backup the config and restore with the <ads>0</ads> tag altered (From 1 to 0) it will remove the ads for you.

jvanderzee, did adding the <ads>0</ads> to your config actually work for 5.2.0? I haven't been able to get it to work (on OSX). One thing I noticed was that when backing up a 5.2.2 or 5.2.1 configuration the <ads> tag was already present in the config UI section, but set to 1. When backing up 5.2.0, there was no <ads> tag and I needed to add it manually. Like I said though, I haven't been able to disable the ads in any of the versions. Did you have any luck?

I did the 0 ads setting on the Windows version. I have not tried it on OSX. I would suggest contacting support and seeing if they know which version was the last one to support the ads removal tag. Alternative solutions would be use one of the 10 included licenses with your FortiGate to register the client or utilize the lightweight SSL VPN client accessed via the portal. That client has no ads. There is also a way to package the installations but I believe an endpoint license is needed before that is allowed.

dmux · ‎01-15-2015

jvanderzee wrote:

I did the 0 ads setting on the Windows version. I have not tried it on OSX. I would suggest contacting support and seeing if they know which version was the last one to support the ads removal tag. Alternative solutions would be use one of the 10 included licenses with your FortiGate to register the client or utilize the lightweight SSL VPN client accessed via the portal. That client has no ads. There is also a way to package the installations but I believe an endpoint license is needed before that is allowed.

I do have a support ticket open, just thought I may expedite the process by gathering as much info as possible. Where would I go about finding the license for the 10 clients? I commented on a thread in the FortiClient forum asking about the SSLVPN client for OSX. The only one I am able to find is the "OnlineInstaller" version. I'd prefer the offline installer if possible.

Thanks for the feedback, I appreciate it.

Edit: Found the "simple" (no ads or other components) SSL-VPN client for OSX. See my reply in another thread here: https://forum.fortinet.com/FindPost/119171.

bartman10 · ‎01-05-2015

I think I understand what they are trying to do... The Free FortiClient with antivirus and all that jazz should get the adds.. But when we are deploying FortiClient in VPN only to connect to a Fortnet device.. there should be no adds..

Think about it Fortinet.. you are pushing 3 banners of adds to my VPN users who don't know a UTM from a SQL... your message is falling on deaf ears..

Combine that with the fact we ALREADY have a Forti device cause that's why we are using the product to begin with and it's a little odd...

You still really need to fix the VPN only FortiClient so when users download it from the VPN portal site they ONLY have the option to install the VPN client. Many of my users keep blowing up their computer cause they install the full client with Symantec AV installed...

I'll make it really simple for you Fortinet... This is what we as admins want.. We want "FortiClient VPN" to work EXACTLY the way Cisco Anyconnect works. That is.. it just works.. A user loggs into the web interface, installs Anyconnect, all the VPN settings are set for them.. gateway, ports, start before login.. all of it.. And no adds!

That is what we want.... "FortiAnyconnect"

If you would like a demo of how Cisco Anyconnect works feel free to contact me and I can set you up with a trial account on my 5510.. or I could even loan out a 5505 for you to test.

300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.

Over 100 WiFi AP's and growing.

FAZ-200D

FAC-VM 2 node cluster

Friends don't let friends FWF!

Christopher_McMullan · ‎01-06-2015

What channel did you use to provide Fortinet with your feedback? Forums and support tickets don't have nearly the same kind of traction as speaking with your Systems Engineer or local account rep about your concerns.

If you propose the change you want as a New Feature Request, the SE can start building a business case for why FortiClient should be modified in time for a specific future release.

Here's my suggestion:

-open a ticket with Fortinet TAC

-mention that the purpose of the ticket is to explore a New Feature Request

-detail the problem, as you see it

-detail the solution you would like to see implemented

The TAC engineer assigned will validate any required technical information, verify who your SE is, and reach out to them about formally submitting the New Feature Request.

Regards, Chris McMullan Fortinet Ottawa

jvanderzee · ‎01-06-2015

I have opened a ticket but the focus was not done in the New Feature request fashion, it was to remove the ads. I will communicate with my SE directly and see what can be done. Thanks for the suggestions.

bartman10 · ‎01-06-2015

Honestly Christopher that is a totally bad and "not my department" attitude.

I really can't tell you how sad I felt the first time I heard someone from Fortinet say something like this.. because that attitude is really telling about how the company is run, how the company values it's customers and how driven the company is to deliver the product the customer wants.

The companies people hate to work deal with all seem to have this exact same policy. "You need to tell your rep..." "You need to call someone else and tell them.. they don't listen to my department..." "You.. You.. You..." Always what the customer needs to do.

If the customer is complaining about something they don't like with the product.. is it really a great idea to have them go even further out of their way, to take even more of their time in order to inform the people who live in the crystal palace?

By the way.. I don't exactly get the feeling my rep is really paying attention when I do bring things up with my rep.. I think you guys have a bit of a disconnect here between the customer, the rep, and the developers up in the crystal palace.

Oh BTW... how do you know the reps and SE's are even bringing this up to ANYONE!? There is not ticket or tracking number.. the guy just says "ya.. ok.. I'll look into it" and pfft.. that's it..

I just did tell you... Jvander just did tell you.. YOU are the one that needs to bring this up with development. You are the agent of the company.

We are the customers, we are posting our feedback and suggestions right here in Fortinets forum for crying out loud! Don't you think it might be a good idea for the managers and such to maybe take a look in here and see what the customers are saying? What we are asking for?

These are the same out of touch managers who are probably, right now, in a meeting with marketing managers talking about a new marketing campaign to get better customer feedback and metrics.. they just don't get it.. and it's so painfully obvious.

The best companies are more than happy to take customer feedback seriously no matter how or where it's coming from. Just yesterday I was talking to someone in the finance department about updating my billing.. and in conversation I mentioned something I did not like in the user interface... This FINANCE guy proceeded to open a suggestion ticket, emailed me the ticket number.. AND called me back the next day to ensure I received it.

The truly sad part is I know you have no idea what I'm talking about... As you read this all you are thinking about is how I am wrong and you are right.. This way of thinking is from the 50's.. it's a cancer in a company that I have never seen cured..

Does Fortinet believe this is good customer service? Do they believe this is making their product better? Do you think myself and Jvan feel like we are being taken seriously and are appreciated as customers? I'll give you a hint.. no..

300E x3, 200D, 140D, 94D, 90D x2, 80D, 40C, handful of 60E's.. starting to loose track.

Over 100 WiFi AP's and growing.

FAZ-200D

FAC-VM 2 node cluster

Friends don't let friends FWF!