Configuration overview

Chapter 14 Managing Devices for FortiOS 5.0 : Endpoint Protection : Configuration overview

Endpoint Protection requires that all hosts using the firewall policy have the FortiClient Endpoint Security application installed. Make sure that all hosts affected by this policy are able to install this application. Currently, FortiClient Endpoint Security is available for Microsoft Windows (2000 and later) and Apple Mac OSX only.

To set up Endpoint Protection, you need to

• Enable Central Management by the FortiGuard Analysis & Management Service if you will use FortiGuard Services to update the FortiClient application or antivirus signatures. You do not need to enter account information. See “Centralized Management” in the System Administration chapter of this Handbook.

• By default, the FortiGuard service provides the FortiClient installer. If you prefer to host it on your own server, see “Changing the FortiClient installer download location”.

• In Security Profiles, configure application sensors and web filters profiles as needed to monitor or block applications. See the Security Profiles Guide chapter of this Handbook.for details.

• Create a FortiClient profile or use a predefined profile. See “Creating a FortiClient profile”. Enable the application sensor and web category filtering profiles that you want to use.

• Enable Compliant with FortiClient Profile in the authentication rules of Device Identity security policies that the endpoints will use.

• Optionally, configure the FortiGate unit to support endpoint registration by IPsec or SSL VPN.