Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Cythraul
New Contributor

FortiClient version management/control?

Hi, folks,

 

Is there a built-in way of monitoring which version of FortiClient my users are running?

 

We had an issue the other week that was limited to users who were on old versions of FortiClient (5.0.x, vs. 5.3.x).  I'm wondering if there's a systematic way to watch for users lagging behind before they become an issue.

 

(I know there are third-party solutions for monitoring software versions in general, but I'm wondering if there's something specific to Fortinet for FortiClient.)

 

Thanks.

1 Solution
Chris_Lin_FTNT

If your FortiClient is registered to FortiGate, FortiGate GUI will show a table which include FortiClient version.

 

In 5.2.3 FortiOS, it's in User & Device -> Monitor -> FortiClient .

View solution in original post

13 REPLIES 13
Chris_Lin_FTNT

If your FortiClient is registered to FortiGate, FortiGate GUI will show a table which include FortiClient version.

 

In 5.2.3 FortiOS, it's in User & Device -> Monitor -> FortiClient .

Cythraul

Chris.Lin wrote:

If your FortiClient is registered to FortiGate, FortiGate GUI will show a table which include FortiClient version.

 

In 5.2.3 FortiOS, it's in User & Device -> Monitor -> FortiClient .

Thanks!

 

Hmm.  I appear to be running firmware 5.0.

 

The menu path you list is there, but I get "No matching entries found".

 

When this feature works, does it show me versions for all of my clients, or just the ones that are currently signed in?

storaid
Contributor

hello, fortinet guys...

how can I control client's forticlient version for FOS v5.x/5.2.x????...

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2

FSW224B x1

FWF60D x2 FWF60C x3 FGT80C rev.2 FGT200B-POE FAP220B x3 FAP221B x2 FSW224B x1
Chris_Lin_FTNT

That table only lists the registered FortiClient.

 

You can imagine... FortiClient has to tell about itself to FortiGate, and the only way is to register. Otherwise if FortiClient just broadcasting information, it sounds like a vulnerability :)

Cythraul

What do you mean by "register", though?  Do you mean "be presently signed in", or just "have a connection configured" or "have connected at some point"?

 

I mean, here's what I've got.  I've got hundreds of users, a significant subset of whom make regular use of FortiClient to make VPN connections to my firewall.  And yet.

Chris_Lin_FTNT

I mean the endpoint control function between FortiClient and FortiGate.

 

Your picture seems to indicate that the endpoint control function is not used at all.

 

http://video.fortinet.com...on-to-endpoint-control

Cythraul

So as it turns out, I haven't been registering my clients.  First mistake.

 

Now, as I experiment with registering, I'm noticing that clients only show up if they're both (1) registered and (2) currently connected.

 

Which doesn't seem to be the case in your screenshot.  Please correct me if I'm wrong, but your screenshot seems to show unregistered-but-connected users, and a registered-but-offline user.

Chris_Lin_FTNT

Those 3 "unregistered" devices used to be registered. If you click the "Unregister" button on FortiClient GUI, they will become unregistered on FortiGate.

 

After unregister, FortiClient and FortiGate are not "connected" in the sense that they are not communicating any more. It's just a record showing in the database.

Cythraul

I'm wondering why mine doesn't show records like that.

 

When a registered client signs in to VPN, it shows there.  As soon as it disconnects, it vanishes, leaving no trace of any kind behind.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors