Hello, we seem to be converging in the security space with end users and the free version of the FortiClient.
Currently deployed via Intune 7.2.2 FortiClient SSL VPN with SAML authentication back to Entra. When it works it's no problem, however we also use the same method in-house and I'm aware that on occasion you need to restart the FortiClient by shutting it down in the task tray and re-launching it. So what's the issue?
Well, moving end user(s) away from local administrative rights, whereby this is the only issue we face at present, end users receive a UAC prompt when attempting to close/open the FortiClient; otherwise it's a full machine restart.
Has anyone got around this as yet without sacrificing security?
I may have to provide an additional IPSEC tunnel if the situation does not improve.
Thoughts?
Hi FortiGeekz,
Thanks for using Community forums. I recognize you're looking for people who have experience with specific setups, so you may not get a reply. But we'll try to make sure you get an answer to your query from an expert or a community member.
Kind regards,
Hi FortiGeekz,
I haven't found anyone who has an answer to your query yet. I'll keep looking and get back to you ASAP.
Kind regards,
Hello,
Can you please confirm if Intune was executing the installer using a non-admin account, and was the endpoint rebooted after the installation?
When the installer runs MSI silently:
- the upgrade / install will happen
- the installer will NOT start FortiClient if a reboot is required.
- there will be no reboot prompt requesting a reboot.
This can be reproduced by upgrading / installing FortiClient and then NOT rebooting the system after the upgrade has been completed.
If one tries to open the FortiClient GUI/console, then a UAC prompt is shown because FortiClient needs to start its services.
However, the UAC prompt is NOT a bug because the device has not been rebooted.
After rebooting:
1) FCT starts automatically.
2) Opening the GUI does not cause a UAC prompt.
regards
Peter
Created on 06-10-2024 07:56 PM Edited on 06-10-2024 07:58 PM
Hello psevca,
Yes, the behavior you describe is what's witnessed.
We have Intune installing the w32 app as system without a reboot nag.
However, this is not of great concern, it's the stability of the SAML authentication request and then client errors thereafter. If an error (transient) is generated 99% of the time the FortiClient will not recover on subsequent connection requests. Usually, we see this represented as the FortiClient SSL VPN connecting to around 40% and then some error thrown.
From here the only way to establish a connection is to restart the FortiClient; however, as in a security-centric nature, end users do not have administrator rights and therefore cannot shut down the FortiClient. Instead, a full Windows restart is required. It's this behavior we would like to see no requirement of elevation of rights to restart the FortiClient.
Hello,
The problem with the UAC prompt should be resolved if the Intune deployment is configured with a reboot after the FCT deployment. Once this condition is met, the FCT should not ask the user for admin credentials/trigger UAC when FCT is shut down.
regards
Peter
Going to give this a test and reply back here...
Not sure this changes anything:
-------------------------------------------------------------------------------------------------
msiexec.exe /i "FortiClient.msi" /passive /quiet INSTALLLEVEL=3 DESKTOPSHORTCUT=1 /NORESTART
timeout /t 240 /nobreak
"C:\Program Files\Fortinet\FortiClient\FCConfig.exe" -m vpn -f fcconfig.conf -o import
-------------------------------------------------------------------------------------------------
Intune then prompts the user to restart. Once the device has restarted, if they need to shut down FortiClient then they are prompted for admin credentials.
We redeployed this with a mandatory reboot.
After the restart, we tested with a user that had no local machine admin rights.
If they attempt to shut down the FortiClient they are prompted for admin credentials.