Fortinet Forum
ServiceSolimas
New Contributor

Forticlient different versions, no automatic upgrade to latest = security risk?

So we utilize FortiClient on workstations to provide VPN access (remote access). Now our Security Officers have noted that different versions of FortiClient have been installed on the workstations. Some run 6.0.x, others 6.4.x, and he noticed 7.0.x is also out. He asked the IT team why this is possible and why older versions aren't automatically upgraded, and whether this poses a security risk. I tried searching for answers in the FortiClient documentation, but it feels like finding a needle in a stack of hay. I have made this account specifically for this question. Can you guys help me with this? If there is any official documentation on this, I would love to receive a link to it!

With kind regards,

Solimas

Edit: Another issue is, we have licensed ESET as our endpoint protection and we only use FortiClient for VPN connection. I believe EMS requires endpoint licenses, which we don't have (we do have FortiGates deployed). So I'm not sure EMS is the correct way.

So the question is, are there any security risks involved when using older versions of FortiClient if it's only used for VPN?

1 REPLY
ServiceSolimas
New Contributor

So I found out about EMS, which we haven't deployed... This answers the question on automatic updates. But I'm not sure what kind of security risks older versions bring with them. Common sense says each new version improves upon the older ones, so being up to date would be best practice and best for security reasons too. But common sense would also dictate that a company would discontinue older versions if they bring (significant) security risks with them.

I have already advised getting an EMS instance ready to deploy and manage FortiClient from a central place, which also has the ability to perform updates. Still, I wonder how bad running the older versions would be.

Edited main post too: We have another endpoint manager installed already (ESET), we only require VPN connection through ESET. So the question is, are there any security risks involved when using older versions of FortiClient if it's only used for VPN?