FortiClient Fabric Agent Endpoint Security – What CAN’T it do?

Fortinet FortiClient Fabric Agent Endpoint Security delivers protection, compliance, and secure access in a single, modular lightweight client. Basically, it’s an endpoint security software containing lots of features, such as VPN, Anti-Virus, Vulnerability Scan, and more. It provides desktop protection\antivirus that works in combination with FortiGate firewalls. Together, they provide single pane of glass security visibility. And, it provides a client-side software IPSec VPN access to remote FortiGate firewalls. The cost of the updates is included with the FortiGate. This makes it cost effective versus buying a third party solution.

It leaves a light footprint, giving little effect on performance even when the full scan is launched.

What is a Fabric Agent?

A Fabric Agent is a bit of endpoint software that runs on an endpoint such as a laptop or mobile device. It “talks” with the Fortinet Security Fabric to provide information, visibility, and control to that device. FortiClient also enables secure, remote connectivity to the Security Fabric. Basically, it’s a full-fledged VPN connection editor for creating outbound connections. You can configure both SSL-VPN and IPsec VPN connections here and edit client authentication settings. It’s great for those who need to use a VPN to access corporate internet networks.

The FortiClient Fabric Agent Endpoint Security does things like:

– Report to the Security Fabric on the status of a device, including apps running and firmware version

-Enable the device to connect securely to the Security Fabric over either VPN (SSL or IPsec) or ZTNA tunnels, both encrypted. The connection to the Security Fabric can either be a FortiGate Firewall or SASE service

-Send any suspicious files to a Fabric Sandbox

-Enforce application control, USB control, URL filtering, and firmware upgrade policies

-Apply CASB controls to users accessing cloud-based applications

-Provide malware protection and application firewall service

FortiClient checks for vulnerabilities in Microsoft programs, third-party tools, and popular browsers like Google Chrome and Mozilla Firefox, and more. After scanning, it generates a clean color-coded report that shows what has been detected.

Of course, FortiClient is offered with several levels of capabilities. These have increasing levels of protection. Here’s a couple:

(A few) Features of the VPN/ZTNA Edition

The VPN/ZTNA Edition has a Zero Trust Agent with Multi-factor Authentication. It supports ZTNA tunnels, single sign-on (SSO), and device posture check to FortiOS access proxy.

It also has the very handy Central Management via EMS or FortiClient Cloud. Centralized FortiClient provisioning allows admins to remotely deploy endpoint software and perform controlled upgrades. As a result, sending FortiClient configs to thousands of clients is done with the click of a button.
A nifty vulnerability remediation dashboard helps manage an organization’s attack surface. All vulnerable endpoints are easily identified. It also prioritizes unpatched OS and software vulnerabilities with flexible patching options including auto-patching.

There’s also SSL VPN with MFA which enables an easy-to-use encrypted tunnel that will traverse most any infrastructure, and IP Secure VPN with MFA with an encrypted tunnel that provides the highest VPN throughput. And, FortiGuard Web Filtering monitors all web browser activities to enforce web security and acceptable usage policy. And that’s just some of what FortiClient VPN/ZTNA offers.

EndPoint Protection/APT Edition

The EndPoint Protection/APT has everything the VPN/ZTNA version does, plus more.For example, it has USB Device Control, FortiSandbox (On Premise or PaaS), FortiClient Cloud Sandbox, AI-powered Next-Gen Antivirus, Automated Endpoint Quarantine, and Ransomware Protection.

Easy to use

As a self-managed solution, FortiClient is very easy to use. It simply runs off the default scanning and firewall configs in FortiGate. Used this way, the program’s core components can be set up in just a couple of clicks.

FortiClient is easy to use with any WiFi connection, allowing remote access to company servers and databases. You don’t have to worry about having limited access from an airport, hotel room, coffee shop, etc.

In addition, it’s a very good endpoint protection platform, preventing exploitation of known vulnerabilities. FortiClient also features behavioral based detection which helps protect against zero day attacks. It is even good for vulnerability scanning. Designed as a simple, easy-to-use endpoint solution to an Enterprise Management Service, FortiClient is a very solid solution with a very budget-friendly price.

We hope this brief explanation has been helpful. And, if you have any further questions, please email us or call Corporate Armor at 877-449-0458. Thanks for reading!

FortiClient Fabric Agent Endpoint Security Highlights

Integrated VPN, firewall, and vulnerability detection
IPSec VPN access
AntiVirus protection
Scans malware on a very high level
Extremely secure VPN connections