FortiGate Version 4.0 Administration Guide
01-400-89802-20090424
Endpoint control
Endpoint control enforces the use of the FortiClient End Point Security (Enterprise Edition)
application on your network. The compliance check ensures that the endpoint is running
the most recent version of the FortiClient application and, optionally, checks that the
FortiClient antivirus signatures are up-to-date on the endpoint. An endpoint is most often a
single PC with a single IP address being used to access network services through a
FortiGate unit.
You enable endpoint control in a firewall policy. When traffic attempts to pass through the
firewall policy, the FortiGate unit runs compliance checks on the originating host on the
source interface. Non-compliant endpoints are blocked. If users are web browsing, they
receive a message telling them that their endpoint is non-compliant, or they are redirected
to a web portal where they can download the FortiClient application installer.
You can monitor the endpoints that are subject to endpoint control by viewing information
about each computer and its operating system. If you configure software detection, you can
also see the applications that are installed on endpoints.
Configuring endpoint control
Endpoint control requires that all hosts using the firewall policy have the FortiClient
Endpoint Security application installed. Make sure that all hosts affected by this policy are
able to install this application. Currently, FortiClient Endpoint Security is available for
Microsoft Windows 2000 and later only.
To set up endpoint control, you need to:
• Enable Central Management by the FortiGuard Analysis and Management Service if
you will use FortiGuard Services to update the FortiClient application or antivirus
signatures. You do not need to enter account information. See
• Configure the minimum required version of FortiClient and the source of FortiClient
installer downloads for non-compliant endpoints. See “Configuring FortiClient required
version and installer download” on page 642.
• Enable endpoint control in firewall policies. See “Endpoint Compliance Check options”.
• Configure software detection if you want to monitor the applications installed on
endpoints. See “Viewing and configuring the software detection list” on page 643.
Note: You cannot enable Endpoint Compliance Check in firewall policies if Redirect
HTTP Challenge to a Secure Channel (HTTPS) is enabled in User > Options > Authentication.