On-Net Status for FortiClient Devices
The Online column of the FortiClient Monitor has been changed to Status. This column will show the current status of the device, and whether or not it is registered.
Two of the possible status options are on-net or off-net. In order to record this information, the DHCP server must be enabled for FortiClient On-Net Status. In order to determine if a FortiClient device is on or off net, a DHCP cookie is sent to FortiClient that contains the FortiGate's serial number. FortiClient will then compare that serial number to the number for the FortiGate it is registered with. If they match, the FortiClient will be considered on-net.
In configurations using high availability, the cookie contains the serial number of all cluster members.
This status has also led to the following options have been added to FortiClient profiles:
• Client Web Filtering when On-Net: when enabled, web filtering is applied to FortiClient traffic even when it is protected by a FortiGate unit.
• Auto-connect when Off-Net: This option allows the FortiClient to autoconnect to a VPN even when it has an off-net status.
• Client-based Logging when On-Net: when enabled, the FortiClient will continue to log even when its traffic is flowing through a FortiGate unit.