Viewing the firewall monitor of a FortiClient agent

FortiClient Manager : Configuring FortiClient agent settings : Viewing the firewall monitor of a FortiClient agent

On the FortiClient agent, when an application tries to connect through the firewall, FortiClient Host Security normally prompts the user to allow or disallow the access unless there is a matching firewall policy. When controlled by FortiManager, the FortiClient application blocks all access for which there is no firewall policy and raises a firewall policy violation alert to the FortiManager unit.

Optionally, you can change the FortiClient default to allow all accesses for which there is no Deny firewall policy. See “Setting the firewall options of a FortiClient agent”.

Based on the violations recorded in the firewall monitor, you can add new firewall policies to allow or disallow these access attempts in future.

Select a FortiClient agent in the All Managed Clients or Ungrouped Clients lists and open its Firewall Monitor. Firewall Monitor displays firewall policy violation events that occur on the managed FortiClient agents.


Source / Destination		The source and destination address to which the policy applies. See “Configuring firewall addresses on a FortiClient agent”.
Service / Port		Protocols of the connection attempts.
# Violations		The number of firewall policy violations.
Last Violation		The date and time of the most recent violation.
Action
	Delete icon	Select to delete a firewall violation record.
	Edit icon	Select to create a policy for a firewall violation event if there is no existing policy for the event. See “To create a policy for a firewall violation event:”.
Delete		Delete the selected firewall violation records for this device.

To create a policy for a firewall violation event:

1. In the FortiClient Manager, select Client/Group > Client > Managed Client in the navigation pane.

2. In the All Managed Clients list, select the FortiClient agent you want to configure from the Host Name column.

3. From the FortiClient menu, select Firewall > Monitor.

4. For the firewall violation event that you want to add a policy, select the Edit icon.


Destination	Create a new address name or select an existing one. If you create a new address name, this name is linked with this violation event. If you choose an existing address, it may not be linked to this violation event. See “Configuring firewall addresses on a FortiClient agent”.
Service	Create a new service or select an existing one. If you create a new service name, this name is linked with this violation event. If you choose an existing service, it may not be linked to this violation event. See “Defining firewall protocols on a FortiClient agent”.
Schedule	Select the schedule that controls when the policy should be active. See “Configuring firewall schedules on a FortiClient agent”.
Action	Select the response to make when the policy matches a connection attempt.
Comment	Optionally, add any comments you have for this policy.

5. Select OK.