Endpoint Protection overview
Endpoint Protection enforces the use of up-to-date FortiClient Endpoint Security software on endpoints (workstation computers and mobile devices). It pushes a FortiClient profile to the FortiClient application, specifying security settings, including:
• Real-time antivirus protection - on or off
• FortiClient web category filtering based on web filters defined in a FortiGate web filter profile
• FortiClient application control (application firewall) using application sensors defined in the FortiGate application control feature
• Endpoint vulnerability scanning daily, weekly, or monthly
The FortiClient profile can also specify:
• VPN configurations
• Uploading of logs to the FortiGate unit hourly or daily
• Configuration profile (.mobileconfig file for iOS)
• Dashboard banner
You enable Endpoint Security in device identity security policies by enabling Compliant with FortiClient Profile. Optionally, the security policy can redirect non-compliant endpoints to a captive portal to download FortiClient software. Otherwise, non-compliant endpoints are blocked.