Forticlient firewall

Discussion in 'other firewalls' started by joter, Jul 9, 2007.

Thread Status:
Not open for further replies.
  1. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    I have tested Forticlient and it's a state-of-the-art software firewall.
    Why this not so well known here at Wilders?
    Anyone that has some thoughts about it?

    Even after the 90-days trial period of antivirus and webfilter updates, the software still works and is free to be used.

    Regards
    joter
     
  2. sukarof

    sukarof Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    1,714
    Location:
    Stockholm Sweden
    Never heard about it, but I´m downloading it now to see how it compares to my regular one.
     
  3. NAMOR

    NAMOR Registered Member

    Joined:
    May 19, 2004
    Posts:
    1,526
    Location:
    Arkham Asylum

    Are you talking about the FortiClient Host Security ver 3.x ? I'm trialing it now for the first time, it seems like a nice security suite.
     
  4. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    Yes. This is what I mean.

    Regards
    joter
     
  5. YeOldeStonecat

    YeOldeStonecat Registered Member

    Joined:
    Apr 25, 2005
    Posts:
    2,345
    Location:
    Along the Shorelines somewhere in New England
    I have a few clients that run their office behind the FortiGate appliances...nice units.
     
  6. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    As mentioned by "YeOldeStonecat", this is a good appliance (hardware, as with a router (software internal)), I do not know of a software installation of this for windows. If there is, please advise and I will download.
     
  7. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    http://www.fortinet.com/products/forticlient.html

    Regards
    joter
     
  8. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    In fact there is a software version of Fortinet's products, you can find it here:

    http://www.fortinet.com/products/forticlient.html

    It is a security suite which also includes a firewall. For some strange reason I am unable to access the Fortinet shop website at the moment, but I remember that it was mentioned that there are 2 versions of Forticlient with the main differences being in the simplicity of options and the user interface.
     
  9. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello Firecat,
    Thanks for the info.
    If you know of a download that does not require me to enter my company info, let me know.
     
  10. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    There are two versions, Forticlient Host Security Enterprise Edition and the Consumer Edition. The only differences are the interface that has another "theme", the IPsec VPN feature and Windows 2003 support. For sure is also the cut-down price.

    Regards
    joter
     
  11. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    If you don't mind
    http://www.download.com/3000-2239_4-10707678.html
    for the consumer Edition.

    Regards
    joter
     
  12. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    I found these 2 links:

    http://www.tdfast.com/soft_files6/111_32607.exe (version 3.0.459, direct download link)
    http://www.tdfast.com/soft_files1/92_5673.zip (version 3.0.308, direct download link)

    The reason why I have provided both links is because from the screenshots I saw on the site I got these links, it appears that the 3.0.459 download is the consumer edition while the 3.0.308 download is the enterprise edition. Unless the server has changed the files, you should be able to get a fully functional Fortinet install from the above two files....I have not mentioned the site I got these links from because SiteAdvisor reports that the site may be risky.
     
    Last edited: Jul 14, 2007
  13. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Firecat,
    Thanks, but I have downloaded using the link provided by "joter" (thanks joter). I will install later onto a VM to have a play.
     
  14. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I have installed onto VM to have a look. The firewall rules, certainly the advance rules are similar to ZA (same layout/ options).

    I will find time tomorrow to take a longer look.

    One question does arrise,... I allowed the firewall to update (AV etc) via HTTP, but I do not know why there is a constant attempt of outbound datagrams (UDP) going to 69.90.198.50(Fortinet) remote port 8888 (I currently have this blocked at gateway). Does anyone know what this is for?
     
  15. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I decided to have a look at these datagrams(udp) packets being sent.

    UDP are being sent to/ received from 69.90.198.50 and 210.51.190.136, both on remote port 8888. This is by "fortiwf.exe"(web filter service). Out of curiousity, I blocked "fortiwf.exe" from all comms within the firewall and I got popup to show these blocked:-

    blocked.jpg

    This in itself appears correct, but when I compare this alert, from the firewall log, to my host log, I find these comms (with reply) are actually allowed:-

    notblocked.jpg
     
  16. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    Sorry, I didn't find such attempts at my system. Note that I use the enterprise edition, not the consumer edition.

    Regards
    joter
     
  17. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Does this installation include the "web filter"? As mentioned in my posts, (these comms are from the "web filter".

    I was kindly sent a PM with info on this (thank you),.. that confirms the needed outbound UDP for the web filtering:-

    web.jpg

    This is for updates (I presume), and certainly have no problem with this (updates are needed). My main concern at this time, is the fact that the firewall (after I blocked these comms) reported these as blocked, but, as I have posted, these comms are still allowed.
     
  18. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    I have been able to finally reproduce the problem and it is exactly what you have noted. I think this is FACTORY SETTING that you can not override and there is a bug here because the log is been created before let it passing through.
    This attitude was very common on Kerio Firewalls.

    Regards
    joter
     
  19. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,270
    Location:
    England
  20. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
  21. Trespasser

    Trespasser Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    1,194
    Location:
    Virginia - Appalachian Mtns
    Forticlient 3.0.459 did not uninstall very well. Windows Security Center reported that the firewall part was still installed but was luckily turned off. Personally I didn't like Forticlient very much.
     
  22. Albinoni

    Albinoni Registered Member

    Joined:
    Feb 17, 2005
    Posts:
    709
    Location:
    Perth, Western Australia
    I've most definately have heard of it but never used it. So what happens after the 90day trial is up, is any functions disabled ?
     
  23. budfox

    budfox Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    103
    I have been using one of their Fortigate 60's (AV/IPS) boxes for a few years now and its done a great job. Dont know about their software, but if they are using the same IPS signatures, i would expect it to be good.

    I like using a dedicated box due to the zero impact on system resources. For all of you out there screaming...but what about outbound protection....In my opinion, outbound is overrated for the impact on resources imposed. Hook up an XP box directly to the net and you will be owned w/in 5 minutes (inbound). This is the biggest risk to your system. The best way to protect your system is NAT routing with a stealthed inbound firewall.
     
  24. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    You have no more updates for Antivirus and Webfiltering. The program continues working as it is.

    Regards
    joter
     
  25. joter

    joter Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    163
    Location:
    Greece
    Yes, it has the same IDS/IPS signatures, into the code. They change with every new version.

    Regards
    joter
     
Loading...
Thread Status:
Not open for further replies.