Hi everybody, I tried a trial of #ForticlientEMS on-premises to evaluate the product and then bought a license, but now that I really have to use it I have encountered several problems. I will try to set out my questions; anyone who can help me with even just one of these, I would be very grateful! :)
1) Is there a way to understand from the telemetry whether the Forticlient (7.0.7) is connected via VPN (IPsec or SSL) to the Fortigate? I currently use the server in standalone mode, so it doesn't interact with the Fortigate.
2) I have set up a telemetry connection key on the server. I would like to create Forticlient installations that do not contain the key, so that it always has to be entered manually after the first installation on the PC. When I create the installations I see the "Auto Registration" field enabled, but during the creation I am not asked whether I want to enable this option or not.
3) My server is behind NAT, so the ethernet interface has a private IP. This setup creates problems for me in creating invitations because I cannot select the public IP as the server:
In EMS Settings I added the public IP of the internet line as the listening IP for telemetry, so why can't I put it in the invitations too?
4) I want to block IPsec VPN attempts from clients that do not meet certain requirements, and with the Zero Trust Tagging Rules I have created a very simple rule that, for now, verifies whether the client has Windows 10. In the VPN settings I attached the rule by putting it in the Permit state. The PC, which is Windows 10, is properly tagged and connects to the VPN. The problem comes now: if in the advanced settings of the VPN I put the Tag in the Prohibit state:
and I try to connect to the VPN, I correctly cannot connect and the notification appears on the PC. However, if, as in my case, I have enabled Login Before Logon with automatic connection, when the PC is turned on the computer connects to the VPN! If I then log into the Windows user and disconnect the VPN (which had been activated), the Forticlient goes back to working correctly, because if I try to connect it informs me that I cannot connect. Therefore it appears that the Zero Trust Tagging Rules are not checked at PC startup. I also created the diagnostic file from Forticlient, and in fact there is no log of the connection made when the PC was turned on, which should have been prohibited. This is a big problem for me. I also tried setting the <use_legacy_vpn_before_logon> parameter to 1, and I also tried Forticlient 7.0.6, but nothing changes. Now I use these settings:
One thing I noticed (I don't know if it is connected in some way) is that until I log in with the Windows user, the antivirus status is not detected in the client status:
I have many other questions, but for now I will stop at the most urgent ones. I haven't opened a ticket with Fortinet yet because they would surely tell me, as has already happened, "only one question per ticket", so I am starting by writing here on the Forum. If some Fortinet technician would like to contact me for the details I would be happy; otherwise I will subsequently open a ticket for each question, as requested.