We switched over from Symantec to FortiClient a few months ago, and then upgraded our PCs to Win 10. Since then, the PCs continually get a popup message that FCT and Windows Defender are Disabled. FCT icon still shows green, and I can open the console just fine. But the warning keeps coming up.
We have also run into an issue where all the FCT users (especially with Static IPs), show either Off-Net or even completely Off-Line in the FGT Console (5.2.7 fw).
I was hoping we were going to save some money and simplify things greatly by getting rid of Symantec and maximizing the FG features, but now it's starting to snowball and look like a black hole of money and effort. I've been told that if I buy the EMS module, upgrade all PCs to 5.4.1, and upgrade the box to 5.4 then all my problems will go away, but I've heard these things before.
If anyone has any insight on this, please let me know
Thanks
Hi bobm,
We've just begun the roll out of Forticlient for much the same reasons as you. We have EMS 1.0.1 and all Forticlients will be 5.4.1. I've been using FC (from version 5.0) IPSec VPN client on my Mac at home for over a year and it's worked perfectly. Since registering my Mac with EMS which has AV enabled I've been suffering with crashes and Mac lockups. On two occasions in the last month my Mac has lost access to the wired and wifi networks, I've had to reboot to restore service. On my work Windows 10 PC things are much better, most stuff works fine. I do occasionally get the error you describe but it's very brief (a few seconds) and seems to be off the back of an EMS update.
In short EMS 1.0.1 with FC 5.4.x works fine, even the remote install works!
MacOS is a different story though, I'm getting crash loops and total network connectivity loss. I've disabled the Mac AV to see if that helps.
Let me know how you get on as I feel we're in the minority using FC for AV.....
So it's still happening, but I have at least figured out how to squelch the constant popups by enabling Quiet Hours in Windows 10. The messages are still there under the hood, but at least not stopping our reps from doing their work.
But another odd thing is that it seems that the FGT is completely incapable of managing the FC users at all anymore. I know the static IP machines will show up as "Off Net", but we're getting at least 50% of our users (both static and DHCP) showing up as "Offline", even though the Last Seen column in the interface is up to date. And the users that I have upgraded from FC 5.4.0 to 5.4.1 haven't updated in the "Version" column. I have Discovery and Broadcast both enabled. What else am I missing, or is OS 5.4 and EMS my only avenue?
@bobm -- From the release notes, ForitClient 5.4.1 requires a FortiGate with FortiOS 5.4.1 (nothing earlier).
However, that's kind of a moot point now, since, from a Fortinet talk a couple weeks back, it sounds like with FortiClient 5.4.1, EMS has become the only real option.
My understanding is that though you can still have the 5.4.1 FortiGate require 5.4.1 FortiClient endpoints to have specific versions, almost all control over which security profiles the FC uses (AV, webfilter, etc.) has gone to EMS.
Also, EMS supposedly requires Windows Server. I'm not too thrilled by this, as I had just set up FC profiles from the 5.4.0 FGT, which seemed to work fine and because I don't yet have a Windows Server box available to run EMS on.
@SteveG - Are you running EMS on Windows Server 2012 R2? Have you tried running it (remotely) with Windows in Server Core mode? The Fortinet folk told me you needed non-Core to do the initial install of EMS (install requires the GUI), but thought that it might run fine remotely after that (since 2012 R2 can switch to Core mode and back). I'd love to hear from somebody who has actually done this that it is working.
Thanks for that clarification, even if it isn't really what I wanted to hear. But at least I know. My confusion is that even the FC 4.0 clients are showing up screwy. And not even a matter of pushing profiles or anything like that, I just want to monitor them. But if it comes to it I do have a Windows Server machine that isn't being taxed too hard that I could run EMS on. Now to justify to the Powers That Be another $700 in software.....
Hey there,
I have the same problem.... The worst is that Forticlient Support is completely unqualified. They don't know product.
I'm not looking for decision for this problem yet, cause i have A LOT of others after installation.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1736 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.