ossimUpdate

I've been using Fortinet's technology quite extensively at one of my former employers.

 

The solutions used there were FortiGate firewall / UTM (Unified Threat Management) appliance, along with FortiMail email security solution (supporting both black- and whitelisting etc.), a dozen of FortiAPs (14C model) and FortiClient sofrware installed to each client computer (all of these were ment to act as an integral protection system).

 

First of all, I have to mention that the installation of the FortiClient client-side software was pretty awkward - often it took hours to finish the installation (i.e. to download the image and some other components later on - the initial setup file itself is pretty small). I suppose that this was a server-side problem (on Fortinet's side).

Also, the anti-malware capability of the FortiClient was only mediocre - I've removed a number of (dangerous - bot-, rootkit and crypto-type) infections that were detected just by using free software like Avast or 360 Total Security. Regarding this question, the problem was obviously the slowness of Fortinet in adding newly detected malware to the base (to be pushed / pulled as an update to the client later).

Also, it doesn't have a boot time scan capability (like Avast does). Using it alongside Avast and 360 Total Security under Windows 8.1 hasn't caused me any problems (this type of installation is not recommended though - and, by the way, it can't even be started under Windows 10 Pro Insider Preview - after getting the initial warning pictured below, the installation has failed in the end).

install_conflict.JPG

 

Anyway, (at least) it's a free product and can be installed standalone; however - as I said - I think there are better AV solutions available, and what makes FortiClient stand out a bit is a VPN feature (working in conjunction with the aforementioned UTM - an doing it well, as I've used it a couple of times to do some domain-related jobs from my home that I've couldn't have done by using TeamViewer - for example, FortiMail administration or MS Exchange access, with few disconnection and authentication issues which were usually solved by installing the latest version available).

In the latest version the client offers the following features:

  • Antivirus
  • SSL and IPSec VPN
  • Web Filtering
  • Application Firewall
  • 2-Factor Authentication
  • Vulnerability Scan
  • WAN Optimization

Regarding the aformentioned features there are two basic setup types shown below:

install.JPG

 

This is how the client looks in the latest version (to be registered to an endpoint, there has to be one availaible in your network, of course):

 

 

 

The next couple of screens show how the VPN section of the client looks like:

 

 ipsec_vpn.JPG

 

 

The client also offers web filtering via predefined categories, whitelists, YouTube Education Filtering, with logging capability and other options shown below:

site_categories2.JPG

 

There's also an interesting option in the whitelisting section allowing an administrator to either block, allow or monitor a certain URL:

site_categories3.JPG

 

 

As far as the APs were concerned, we've been having some trouble with some of them (problems were mainly solved after some of them were simply replaced or their firmware has been upgraded, which took a bit, as that has to be approved by Fortinet and performed by an authorized vendor).

 

One of the crucial problems also was a lack of support for MS Hyper-V technology - there wasn't a VM FortiGate appliance available at the moment, although the Hyper-V technology was widely used (not only in the company I've been working in). Quite strange product policy (regarding the fact that Hyper-V has about 30 % market share at the moment, according to some sources) - not to mention that this issue had complicated things a bit for the company.

 

All in all, although generally satisfied, I've always thought that there are many aspects of this solution which should have been improved. 

 

UPDATE (07/27/2015): I forgot to mention one more advantage of this solution - there are also a couple of interesting endpoint protection and VPN-enabling apps for Android provided by Fortinet.

I haven't used them extensively and there are more detailed descriptions available at the Google play, therefore I'll present only the links:

As far as I know (I haven't used them at all because I prefer Android), there are also their counterparts for iPads and iPhones available, making the whole solution even more widely usable.