FortiClient features

FortiClient offers two licensing modes: Standalone mode and Managed mode. It can also be integrated with FortiSandbox.

The following table provides a feature comparison between the standalone client (free version) and the managed client (licensed version).

Standalone Client (Free Version) Managed Client (Licensed Version)
Installation Options
  • Complete: All Endpoint Security and VPN components will be installed.
  • VPN Only: only VPN components (IPsec and SSL) will be installed.
  • Create a custom FortiClient installer using the FortiClient Configurator tool using the trial mode. In trial mode, all online updates are disabled.
Installation Options
  • Complete: All Endpoint Security and VPN components will be installed.
  • VPN Only: only VPN components (IPsec and SSL) will be installed.
  • Create a custom FortiClient installer using the FortiClient Configurator tool.
Threat Protection
  • Real-time Antivirus Protection
  • Antirootkit/Antimalware
  • Grayware Blocking (Adware/Riskware)
Threat Protection
  • Real-time Antivirus Protection
  • Antirootkit/Antimalware
  • Grayware Blocking (Adware/Riskware)
  • Integration with FortiSandbox
Web Content
  • Web Filtering
  • YouTube Education Filter
Web Content
  • Web Filtering
  • YouTube Education Filter
VPN
  • SSL VPN
  • IPsec VPN
  • Client Certificate Support
  • X.509 Certificate Support
  • Elliptical Curve Certificate Support
  • Two-Factor Authentication
VPN
  • SSL VPN
  • IPsec VPN
  • Client Certificate Support
  • X.509 Certificate Support
  • Elliptical Curve Certificate Support
  • Two-Factor Authentication
Logging
  • VPN, Antivirus, Web Security, and Update Logging
  • View logs locally
Logging
  • VPN, Application Firewall, Antivirus, Web Filter, Update, and Vulnerability Scan Logging
  • View logs locally
  Application Control
  • Application Firewall
  • Block Specific Application Traffic
  Vulnerability Management
  • Vulnerability Scan
  • Link to FortiGuard with information on the impact and recommended actions
  Central Management
  • Centralized Client Management and monitoring
  • Centralized configuration provisioning and deployment
  • Enforcement of enterprise security policies.
  Central Logging
  • Upload logs to a FortiAnalyzer or FortiManager. FortiClient must be registered to FortiGate to upload logs to FortiAnalyzer or FortiManager.

Standalone mode

In standalone mode, FortiClient is not registered to a FortiGate or Enterprise Management Server (EMS). In this mode, FortiClient is free both for private individuals and commercial businesses to use; no license is required. All features and functions are activated.

Managed mode

Companies with large installations of FortiClient usually need a method to manage their endpoints. This is accomplished by registering each FortiClient to a FortiGate or an Enterprise Management Server (EMS). In this mode, FortiClient licensing is applied to the FortiGate or EMS. No separate license is required on FortiClient itself.

FortiSandbox

FortiSandbox offers the capabilities to analyze new, previously unknown and undetected virus samples in realtime. Files sent to it are scanned first, using similar Antivirus (AV) engine and signatures as are available on the FortiOS and FortiClient. If the file is not detected but is an executable file, it is run in a Microsoft Windows virtual machine (VM) and monitored. The file is given a rating or score based on its activities and behavior in the VM.

FortiClient integration with FortiSandbox allows users to submit files to FortiSandbox for automatic scanning. When configured, FortiClient will send supported files downloaded over the internet to FortiSandbox if they cannot be detected by the local, real-time scanning. Access to the downloaded file can be blocked until the scanning result is returned.

As FortiSandbox receives files for scanning from various sources, it collects and generates AV signatures for such samples. FortiClient periodically downloads the latest AV signatures from the FortiSandbox, and applies them locally to all real-time and on-demand AV scanning.

For more information, see the FortiSandbox Administration Guide, available in the Fortinet Document Library.

This feature requires a FortiSandbox running version 2.1 or newer and is only available on FortiClient (Windows).

On-Net / Off-Net

The on-net feature requires the use of a FortiGate as a DHCP server. This is usually configured on the same FortiGate that the FortiClient will be registered. When the device that FortiClient is running on has an IP address from the FortiGate's DHCP server, it is on-net. For any other IP addresses, it is off- net.

There is a new way to configure the on-net feature. On the FortiGate, the DHCP server can be used, or several network subnets can be provided. FortiClient will be on-net if:

Otherwise, FortiClient will be off-net.

 

Chapter: Introduction > FortiClient features