Configuration overview

Chapter 14 Managing Devices : Endpoint Protection : Configuration overview

Endpoint Protection requires that all hosts using the firewall policy have the FortiClient Endpoint Security application installed. Make sure that all hosts affected by this policy are able to install this application. Currently, FortiClient Endpoint Security is available for Microsoft Windows (2000 and later) and Apple Mac OSX only.

To set up Endpoint Protection, you need to

• By default, the FortiGuard service provides the FortiClient installer. If you prefer to host it on your own server, see “Changing the FortiClient installer download location”.

• In Security Profiles, configure application sensors and web filter profiles as needed to monitor or block applications. See the Security Profiles Guide chapter of this Handbook for details.

• Create a FortiClient profile or use the default profile. See “Creating a FortiClient profile”. Enable the application sensor and web category filtering profiles that you want to use.

• Enable Compliant with FortiClient Profile in the security policies that the endpoints will use.

• Create the registration key for users to register their device with the FortiGate unit.

• Optionally, configure the FortiGate unit to support endpoint registration by IPsec or SSL VPN.

• Optionally, modify the Endpoint NAC Download Portal replacement messages (one per platform).