FortiClient version management/control?

Cythraul · ‎03-25-2015

Hi, folks,

Is there a built-in way of monitoring which version of FortiClient my users are running?

We had an issue the other week that was limited to users who were on old versions of FortiClient (5.0.x, vs. 5.3.x). I'm wondering if there's a systematic way to watch for users lagging behind before they become an issue.

(I know there are third-party solutions for monitoring software versions in general, but I'm wondering if there's something specific to Fortinet for FortiClient.)

Thanks.

Chris_Lin_FTNT · ‎03-25-2015

If your FortiClient is registered to FortiGate, FortiGate GUI will show a table which include FortiClient version.

In 5.2.3 FortiOS, it's in User & Device -> Monitor -> FortiClient .

View solution in original post

Chris_Lin_FTNT · ‎03-25-2015

If your FortiClient is registered to FortiGate, FortiGate GUI will show a table which include FortiClient version.

In 5.2.3 FortiOS, it's in User & Device -> Monitor -> FortiClient .

Cythraul · ‎03-26-2015

Chris.Lin wrote:
If your FortiClient is registered to FortiGate, FortiGate GUI will show a table which include FortiClient version.

In 5.2.3 FortiOS, it's in User & Device -> Monitor -> FortiClient .

Thanks!

Hmm. I appear to be running firmware 5.0.

The menu path you list is there, but I get "No matching entries found".

When this feature works, does it show me versions for all of my clients, or just the ones that are currently signed in?

storaid · ‎03-25-2015

hello, fortinet guys...

how can I control client's forticlient version for FOS v5.x/5.2.x????...

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

Chris_Lin_FTNT · ‎03-26-2015

That table only lists the registered FortiClient.

You can imagine... FortiClient has to tell about itself to FortiGate, and the only way is to register. Otherwise if FortiClient just broadcasting information, it sounds like a vulnerability :)

Cythraul · ‎03-26-2015

What do you mean by "register", though? Do you mean "be presently signed in", or just "have a connection configured" or "have connected at some point"?

I mean, here's what I've got. I've got hundreds of users, a significant subset of whom make regular use of FortiClient to make VPN connections to my firewall. And yet.

Chris_Lin_FTNT · ‎03-26-2015

I mean the endpoint control function between FortiClient and FortiGate.

Your picture seems to indicate that the endpoint control function is not used at all.

http://video.fortinet.com...on-to-endpoint-control

Cythraul · ‎03-26-2015

So as it turns out, I haven't been registering my clients. First mistake.

Now, as I experiment with registering, I'm noticing that clients only show up if they're both (1) registered and (2) currently connected.

Which doesn't seem to be the case in your screenshot. Please correct me if I'm wrong, but your screenshot seems to show unregistered-but-connected users, and a registered-but-offline user.

Chris_Lin_FTNT · ‎03-26-2015

Those 3 "unregistered" devices used to be registered. If you click the "Unregister" button on FortiClient GUI, they will become unregistered on FortiGate.

After unregister, FortiClient and FortiGate are not "connected" in the sense that they are not communicating any more. It's just a record showing in the database.

Cythraul · ‎03-27-2015

I'm wondering why mine doesn't show records like that.

When a registered client signs in to VPN, it shows there. As soon as it disconnects, it vanishes, leaving no trace of any kind behind.

FortiClient version management/control?

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website