ossimUpdate

(Disclaimer: as the article is referencing some solutions and experiences that are tied to one of my former employers, a prior consent from the latter has been successfully gathered)

 

I've been using Fortinet's technology for quite some time previously.

 

The solutions used were FortiGate firewall / UTM (Unified Threat Management) appliance, along with FortiMail email security solution (supporting both black- and whitelisting etc.), a dozen of FortiAPs (14C model) and FortiClient sofrware installed to each client computer (all of these are a part of an integral protection system).

 

What I missed a bit was a boot time scan capability.

 

Testing it after some time, alongside Avast and 360 Total Security (which offered some other features) under Windows 8.1 hasn't caused me any problems (this type of installation is not recommended though - and, by the way, it can't even be started under Windows 10 Pro Insider Preview - after getting the initial warning pictured below, the installation has failed in the end).

 

install_conflict.JPG

 

Anyway, it's a free product and can be installed standalone; however - as I said - I think that there were a tad better AV solutions available, and what makes FortiClient stand out a bit is a VPN feature (working in conjunction with the aforementioned UTM - and doing it very well, as I've used it a couple of times to do some domain-related jobs from my home that I've couldn't have done by using TeamViewer - for example, FortiMail administration or MS Exchange access, with few disconnection and authentication issues which were usually solved by installing the latest version available).

In the latest version the client offers the following features:

  • Antivirus
  • SSL and IPSec VPN
  • Web Filtering
  • Application Firewall
  • 2-Factor Authentication
  • Vulnerability Scan
  • WAN Optimization

Regarding the aformentioned features there are two basic setup types shown below:

install.JPG

 

This is how the client looks in the latest version (to be registered to an endpoint, there has to be one availaible in your network, of course):

 

 

 

The next couple of screens show how the VPN section of the client looks like:

 

 ipsec_vpn.JPG

 

 

The client also offers web filtering via predefined categories, whitelists, YouTube Education Filtering, with logging capability and other options shown below:

site_categories2.JPG

 

There's also an interesting option in the whitelisting section allowing an administrator to either block, allow or monitor a certain URL:

site_categories3.JPG

 

 

As far as the APs were concerned, one of the crucial issues was a lack of support for MS Hyper-V technology - there wasn't a VM FortiGate appliance available at the moment, although the Hyper-V technology was widely used (not only in the company I've been working in). It's a pitty that the product policy doesn't perfectly align with the fact that Hyper-V has about 30 % market share at the moment, according to some sources.

 

 

UPDATE (07/27/2015): I forgot to mention one more advantage of this solution - there are also a couple of interesting endpoint protection and VPN-enabling apps for Android provided by Fortinet.

I haven't used them extensively and there are more detailed descriptions available at the Google play, therefore I'll present only the links:

As far as I know (I haven't used them at all because I prefer Android), there are also their counterparts for iPads and iPhones available, making the whole solution even more widely usable.