Detailed Expert Review
FortiClient is a well-known enterprise security tool made by the same company that produces the FortiGate network security appliance. I tested FortiClient 6.0 to see whether it was a simple but powerful enough internet security solution on my home Windows machine—without running it within an enterprise security environment. And while the results weren’t what I expected, it still lived up to its reputation.
The FortiClient tool is designed to be used within an Enterprise Management Server (EMS) which provides centrally managed networked antivirus protection to endpoints. However, it also works as a standalone solution. FortiClient is more than capable of providing quality protection on its own.
When used this way, the core system component becomes the built-in vulnerability scanner, thoroughly seeking out known and unknown vulnerabilities.
In addition, both TCP and UDP ports are probed to make sure that the system is running a basic firewall—more advanced firewall configurations, however, need to be made by the system administrator. Definitions and updates under the default setup are coming from FortiGate running FortiOS 6.0. For those that want to connect to a managed security network, the “Compliance & Telemetry” screen makes it easy to input the network IP and get hooked up to the EMS server.
In terms of scanning, the program checks for vulnerabilities in Microsoft programs, third-party tools, and popular browsers like Google Chrome and Mozilla Firefox, among other programs. After it has run, the vulnerability scan also produces a clean color-coded output screen that shows what has been detected. To test the protection, I loaded a couple of malware-laden third-party toolbars to Firefox and these were picked up on by the system as expected.
In addition to the vulnerability scanner tool, the program also includes a useful ‘remote access’ tool that allow users to configure VPN connections. This is effectively a full-fledged VPN connection editor for creating outbound connections.
Users can configure both SSL-VPN and IPsec VPN connections here and edit client certificate and authentication settings. For those that need to use a VPN to access their corporate internet networks, the remote access tool will be a welcome addition.
Ease of use
When used as a self-managed solution, FortiClient is a very easy program to use as the app simply runs off the default scanning and firewall configurations provided by FortiGate. Used this way, the program’s core components—the EMS configuration module and vulnerability scanner—can both be set up in literally a couple of clicks.
Given the limited range of areas within the program, the settings page isn’t complicated. Users do have some useful options, however, such as the ability to enable a VPN connection before logon and configure which services will be included in the program’s log. In addition, under the ‘Notifications’ tab, the system provides a complete log of all program-generated notifications. This can be useful for debugging the tool.
I chose to download the executable program for Windows 10, although it’s also available as an App from the Microsoft Store. Linux users will appreciate the fact that FortiClient comes available as pre-compiled .deb and .rpm packages—so no advanced knowledge is needed to get up and running.
Those that are taking advantage of the free download can still use the company’s online support knowledge base.
There’s also an active discussion forum as well as a comprehensive video library. Although much of the Fortinet support library is geared towards training system administrators in how to use the company’s tools (Fortinet offers its own product certification program), there are some tutorials, such as how to configure an IPSec VPN connection, that are applicable to the home user.
FortiClient is available as a free download for Windows, MacOSX, Linux, (Ubuntu, Red Hat, CentOS), iOS, and Android. Enterprise customers will naturally also need to purchase the FortiClient Enterprise Management Server (EMS) which is tiered based on the number of endpoints served. There are no “catches” or limitations when using the tool as I did, however, so this makes it a great option for those in need of basic vulnerability protection.