
What is a Fabric Agent?
A Fabric Agent is a bit of software that runs on an endpoint, such as a laptop or mobile device, that communicates with the Fortinet Security Fabric to provide information, visibility, and control to that device. It also enables secure, remote connectivity to the Security Fabric. Fabric Agents can report to the Security Fabric on the status of the device, including applications running and firmware version. Plus, it can send any suspicious files to a Fabric Sandbox. A Fabric Agent can extend the control of the Security Fabric to the device and enforce application control, USB control, URL filtering, and firmware upgrade policies. As part of that control, the Fabric Agent can provide malware protection and application firewall service. Finally, Fabric Agents can enable the device to connect securely to the Security Fabric over either VPN (SSL or IPsec) or ZTNA tunnels, both encrypted. The connection to the Security Fabric can either be a FortiGate Next-generation Firewall or SASE service.
FortiClient News
-
2020年2月26日NSE 5 FortiClient EMS 6.2The new NSE 5 FortiClient EMS 6.2 course is now available.
-
2020年2月20日Fortinet NSE 5 – FortiClient EMS 6.2 ExamThe new Fortinet NSE 5 – FortiClient EMS 6.2 exam is now available at Pearson VUE testing Center in English (Japanese is coming soon).
-
2019年4月9日Endpoint Solution Reference ArchitectureOrganizations of all sizes need to ensure network performance and security while the number of users, devices, and applications entering the network are drastically increasing and expanding the attack surface. The Fortinet Endpoint Solutions Reference Architecture provides a broad overview of endpoint solutions in a hybrid network ecosystem.
-
2019年3月7日Fortinet’s FortiClient Blocks 100 Percent Malware in NSS Labs 2019 Advanced Endpoint Test ReportFortiClient receives third-straight recommended rating in the NSS Labs AEP Group Test, offering powerful and cost-effective solution for safeguarding the growing number of endpoint devices.
FortiClient Product Details
FortiClient is a Fabric Agent that can be purchased with three levels of capability: Zero Trust Security, Endpoint Security, and Cloud-based Endpoint Security.
- Zero Trust Security: The ZTNA Edition of FortiClient provides the requirements for a remote worker to connect to the network with a minimum level of control. The ZTNA Edition enables both ZTNA and VPN encrypted tunnels, as well as URL filtering and USB device control. Central management via FortiClient EMS is included.
- Endpoint Protection: The EPP/APT Edition of FortiClient expands on the capabilities of the ZTNA Edition by adding AI-based next-generation antivirus (NGAV), endpoint quarantine, and application firewall, as well as support for cloud sandbox.
- Cloud-based Endpoint Security: The SASE SIA Edition expands on the EPP/APT Edition to add firewall-as-a-service (FWaaS) capabilities from FortiSASE services, including SSL inspection, intrusion prevention (IPS), web filtering, Domain Name System (DNS) security, and data loss prevention (DLP).
What is a Virtual Private Network (VPN)?
Please see the product datasheet for more information on these and many more Product features.
Features and Benefits
Broad endpoint visibility
FortiClient Fabric Agent integrates endpoints into the Security Fabric and provides endpoint telemetry, including user identity, protection status, risk scores, unpatched vulnerabilities, security events, and more.
Endpoint compliance and vulnerability management
Reduce the endpoint attack surface and manage endpoint-borne risk.
Vulnerability scanning with flexible patching options. Detect and enforce endpoint compliance.
Proactive endpoint defense
Anti-exploit, sandbox integration, and behavior and pattern-based malware detection proactively detect and block malware, malicious scripts, document-based, and other advanced attacks.
Automated threat containment
Integration with the Security Fabric enables automated response. Mitigate unpatched vulnerabilities, alert users, and quarantine risky or compromised endpoints to stem an outbreak.
Secure remote access
Reliable, simple, and secure remote access via either ZTNA or VPN encrypted tunnels, with the added security of two-factor authentication, plus single sign-on (SSO) capabilities.
Easy to deploy and manage
Easy to deploy and manage Modular and light-weight endpoint agents are centrally managed with the Enterprise Manager Server (EMS).
Fabric Agent is compatible with Fabric-Ready endpoint security solutions.
Building a Cybersecurity Workforce
Advanced training for security professionals, technical training for IT professionals, and awareness training for teleworkers.
学到更多FortiClient Features and Specifications
FortiClient is offered with several levels of capabilities, with increasing levels of protection. It integrates with many key components of the Fortinet Security Fabric and is centrally managed by the Enterprise Management Server (EMS).
Features include:
Zero Trust Agent with Multi-factor Authentication (MFA) Coming in 7.0 | The Zero Trust Agent supports ZTNA tunnels, single sign-on (SSO), and device posture check to FortiOS access proxy |
Central Management via EMS | Centralized FortiClient deployment and provisioning that allows administrators to remotely deploy endpoint software and perform controlled upgrades. Makes deploying FortiClient configuration to thousands of clients an effortless task with the click of a button. Vulnerability dashboard helps manage an organization’s attack surface. All vulnerable endpoints are easily identified for administrative action. Windows AD integration helps sync an organization’s AD structure into EMS so the same organization units (OUs) can be used for endpoint management. Realtime Endpoint Status always provides current information on endpoint activity and security events. |
Central Logging and Reporting | Centralized logging simplifies compliance reporting and security analysis by ForiSIEM or other SIEM product |
Dynamic Security Fabric Connector | EMS creates virtual groups based on endpoint security posture. These virtual groups are then retrieved by FortiGate and used in firewall policy for dynamic access control. Dynamic groups help automate and simplify compliance for security policies. |
Vulnerability Agent and Remediation | Vulnerability agent and remediation ensures endpoint hygiene and hardens endpoints to reduce the attack surface. This identifies vulnerable endpoints and prioritizes unpatched OS and software vulnerabilities with flexible patching options including auto-patching. |
SSL VPN with MFA | Secure Socket Layer (SSL) Virtual Private Network (VPN) with MFA enables an easy-to-use encrypted tunnel that will traverse most any infrastructure. |
IPsec VPN with MFA | IP Secure (IPSec) VPN with MFA enables an easy-to-use encrypted tunnel that provides the highest VPN throughput. |
FortiGuard Web Filtering | Powered by FortiGuard Labs research, the web filtering function monitors all web browser activities to enforce web security and acceptable usage policy with 75+ categories. It works across all supported operating systems and works with Google SafeSearch. The endpoint web filtering profile can be synchronized from FortiGate for consistent policy enforcement. Administrators can set black/white lists, on-/off-net policies, and import FortiGate web filtering policies for consistent enforcement. FortiClient now supports a web filter plugin that improves detection and enforcement of web filter rules on HTTPS sites with encrypted traffic. |
USB Device Control | This capability prevents unauthorized USB devices from accessing the host. |
Split-tunneling | Supported on ZTNA and VPN tunnels, split-tunneling enables optimized user experience |
Single Sign-on (SSO) | SSO integrates with FortiAuthenticator identity and access management to provide single sign-on. |
ZTNA Edition Features | This edition includes all the features in the ZTNA Edition plus the following: |
---|---|
AI-powered Next-Generation Antivirus (NGAV) | Anti-malware leverages FortiGuard Content Pattern Recognition Language (CPRL), machine learning, and AI to protect endpoints against malware. The pattern-based CPRL is highly effective in detecting and blocking polymorphic malware. It also blocks attack channels and malicious websites. |
FortiClient Cloud Sandbox | FortiClient natively integrates with FortiSandbox. FortiClient automatically submits files to the connected FortiSandbox for real-time analysis. Sandbox analysis results are automatically synchronized with EMS. Administrators can see detailed information and behavior activities of submitted objects including graphic visualization of the full process tree. |
Automated Endpoint Quarantine | When triggered by security events, automated endpoint quarantine automates policy-based response. For example, it can automatically quarantine a suspicious or compromised endpoint to contain incidents and prevent outbreaks. |
Application Firewall | The application firewall provides the ability to monitor, allow, or block application traffic by categories. It uses the same categories as FortiGate, enabling consistent application traffic control. It leverages FortiGuard anti-botnet, IPS, and application control intelligence and can prevent the use of unwanted applications including proxy apps and HTTPS messaging apps. |
Application Inventory | Application inventory provides visibility of installed software. In addition to managing licenses, software inventory can improve security hygiene. When software installed is not required for business purposes, it unnecessarily introduces potential vulnerabilities, and thereby increases the likelihood of compromise. Administrators can reduce the attack surface by leveraging inventory information to detect and remove unnecessary or outdated applications that are potentially vulnerable. |
ZTNA Edition Features | Includes all the features in the ZTNA Edition |
---|---|
EPP/APT Edition Features | Includes all the features in the EPP/APT Edition |
FortiOS-based Firewall-as-a-Service (FWaaS) | FWaaS identifies thousands of applications inside network traffic for deep inspection and granular policy enforcement. It also protects against malware and exploits in both encrypted and non-encrypted traffic. |
SSL Inspection | SSL inspection decrypts SSL-encrypted traffic to enable visibility and evaluation of the underlying traffic. |
Inline AV and Anti-malware | This capability prevents and detects against known attacks using continuous threat intelligence from AI-powered FortiGuard Labs security services |
Intrusion Prevention System (IPS) | FortiOS IPS detects and blocks network-based attacks. IP sensors can be configured based on IPS signatures, IPS filters, outgoing connections to botnet sites, and rate-based signatures. |
Domain Name System (DNS) Security | You can apply DNS category filtering to control user access to web resources with SASE via FortiOS. FortiOS allows customization of the default profile, or a new one can be created to manage network user access and apply it to a firewall policy. It can also be added to a DNS server on a FortiGate interface. |
Data Loss Prevention (DLP) | With FortiGate, DLP stops sensitive data from leaving or entering your network. Organizations can customize the default sensor or create their own by adding individual filters based on file type, file size, a regular expression, an advanced rule, or a compound rule. Once configured, the DLP sensor can be applied to a firewall policy. Data matching defined sensitive data patterns is blocked, logged, or allowed when it passes through the FortiGate. |
Schools continue to enhance their technologies in the curriculum and the adoption of personal devices such as Chromebooks are increasingly commonplace. School districts are required to be in compliance with Children’s Internet Protection Act (CIPA) and protect students from harmful content while browsing the internet.
Consistent web filtering policy enforcement on and off campus
Powered by FortiGuard Labs research, the web filtering function monitors all web browser activities to enforce web security and acceptable usage policy with 75+ categories. It also supports Google SafeSearch.
- Supports safe browsing for K-12 on and off campus. No reverse proxy or VPN is required
- Categorizes more than 43 million rated websites and 2 billion+ web pages
- Consistent with web filtering policy on FortiGate
- Works with Google SafeSearch and supports custom denied/approved lists
- Monitors all web browser activity including HTTPS
Easy to deploy, simple to use
- Integrates with Google G Suite Admin Console for management
- Deployment from within G Suite admin console and Google Chrome Web Store. It allows administrators to manage apps and extensions on Chromebooks, making it a scalable process.Enables single sign-on with Google credentials without requiring additional captive portal login.
Flexible detailed logging and reporting
- Identifies students logged into Chromebooks and apply appropriate policies that are grade-level appropriate.
- Supports the “cart system” where devices are not specifically assigned to one user.
Read the solution brief
Windows | MAC OS X | Linux | Android | iOS | Chromebook | |
---|---|---|---|---|---|---|
FABRIC AGENT | ||||||
Endpoint telemetry - visibility | ✔ | ✔ | ✔ | ✔ | ✔ | ✔ |
Compliance enforcement | ✔ | ✔ | ✔ | ✔ | ✔ | |
Host quarantine | ✔ | ✔ | ||||
Vulnerability management | ✔ | ✔ | ✔ | |||
Application inventory | ✔ |
✔ |
✔ | |||
Secure Access | ||||||
VPN | ✔ | ✔ | ✔* | ✔ | ✔ | |
SSO | ✔ | ✔ | ||||
Endpoint Protection | ||||||
Anti-malware | ✔ | ✔ | ✔ |
|||
Anti-exploit | ✔ | |||||
Sandbox integration | ✔ | partial** | ||||
Web filtering | ✔ | ✔ | ✔ | ✔ | ✔ | |
Application firewall | ✔ | ✔ |
FortiClient |
|
||||
ZTNA Edition |
EPP/APT Edition |
SASE SIA Edition |
Chromebook Edition |
||
Zero Trust Security |
Windows, Mac, Linux |
Chromebook |
|
||
Zero Trust Agent |
* |
* |
* |
|
|
Central Management via EMS |
* |
* |
* |
* |
|
Central Logging and Reporting |
* |
* |
* |
* |
|
Dynamic Security Fabric Connector |
* |
* |
* |
|
|
Vulnerability Agent and Remediation |
* |
* |
* |
|
|
SSL VPN with MFA |
* |
* |
* |
|
|
IPsec VPN with MFA |
* |
* |
* |
|
|
FortiGuard Web Filtering |
* |
* |
* |
* |
|
USB Device Control |
* |
* |
* |
|
|
Next-generation Endpoint Security |
|
|
|
|
|
AI-powered NGAV |
|
* |
* |
|
|
FortiClient Cloud Sandbox |
|
* |
* |
|
|
Automated Endpoint Quarantine |
|
* |
* |
|
|
Application Firewall |
|
* |
* |
|
|
Application Inventory |
|
* |
* |
|
|
Cloud-bBased Endpoint Security (SASE) |
|
|
|
|
|
SSL Inspection |
|
|
* |
|
|
Inline AV and Anti-malware |
|
|
* |
|
|
Intrusion Prevention (IPS) |
|
|
* |
|
|
FortiGuard Web Filtering |
|
|
* |
|
|
DNS Security |
|
|
* |
|
|
Data Loss Prevention |
|
|
* |
|
|
Additional Services |
|
|
|
|
|
Cloud-hosted EMS |
Add-on |
||||
24x7 Support |
Included |
||||
FortiCare Best Practice Service |
Included 1st Year |
Our Customers Emphasize the Value of FortiClient in Gartner Peer Insights Reviews
FortiClient is more than endpoint protection. It strengthens enterprises overall security by integrating endpoints with network security and delivering continuous visibility and risk assessment of the endpoints. It supports proactive defense with vulnerability scanning, patching, compliance control and secure remote access.
Many enterprise customers realize the power and effectiveness of FortiClient and have provided positive feedback on Gartner Peer Insights. Read what end users say about our FortiClient Security Fabric Agent.
★★★★★
“Powerful Endpoint Protection For Your Corporate Devices”
Senior Consultant IT in the Manufacturing Industry
“This is a solid all-in-one security product that we use to protect our corporate endpoints. The reason for our investment in this product was that we were looking for enhanced security features such as application control and web-filter for our Internet connected endpoints. Since we already had invested a lot in other Fortinet security products, we decided to also implement the FortiClient Endpoint Protection features and that is a decision we do not regret. With FortiClient we got a lot more than just the security features we needed. One of the greatest values was the ease of management and overview of our endpoints. This includes the vulnerability scanner and software inventory that comes with the latest version, which provides us with an overall threat summary of vulnerabilities on our endpoints.”
★★★★★
“Best VPN Client, AV and Vulnerability Management Client”
Cyber Security Leader in the Manufacturing Industry
“Fortinet is extremely easy to work with and their support is excellent. The integration of FortiClient with the overall Fortinet ecosystem is a large advantage for us.”
★★★★★
“Next Generation Endpoint. Lovely Telemetry and Compliance Function”
IT Manager in the Healthcare Industry
“FortiClient brings better endpoint visibility and total control. It knows endpoint vulnerability and only grants endpoint that has minimum requirement.”
★★★★★
“An Excellent Multifunctional VPN, AntiVirus & Web Filtering Client”
Networks & Infrastructure Manager in the Construction Industry
“We deployed FortiClient to replace multiple products from other vendors. It combines multiple functions, VPN, AV, Application Firewall, Web Filtering [additionally, it integrates with] our Security Fabric, Telemetry & Compliance enforcement.”
★★★★★
“Fully Featured EPP Which Was Extremely Easy To Roll Out And Manage”
IT Services Manager in the Education Industry
"A huge bonus is the compliance feature which will scan all programs installed on the endpoint and report back on whether that particular version of the program has vulnerabilities.”
★★★★★
“Integration FortiClient That Supports Our Work Stations”
IT Support in the Transportation Industry
“It is a very good product and the best thing is that it is integrated into a solution with both the [endpoint and] firewall, generating greater security of our workstations.”
For more Peer Insight reviews on FortiClient, click here.
Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences, and do not represent the views of Gartner or its affiliates.
FortiClient Use Cases
FortiClient is more than just an advanced endpoint protection solution with a built-in VPN client. It connects the endpoint with the Security Fabric and delivers integrated endpoint and network security. With the modular design, users can deploy FortiClient for some or all of the use cases.
Security Fabric Integration
Endpoint Visibility and Compliance Control
FortiClient ensures endpoint visibility and compliance throughout the Security Fabric and integrates endpoint and network security with automation and segmentation. FortiClient shares endpoint telemetry with the Security Fabric, enabling unified endpoint awareness.
In addition, it is also compatible with third-party anti-malware or endpoint detection and response (EDR) solutions.

Secure Remote Access (VPN, ZTNA)
Ensure secure remote access with always-on, SSL/IPsec VPN that supports network segmentation, conditional admission, and integrates with FortiAuthenticator for single sign on, and multi-factor authentication.

Traditional VPN

ZTNA Application Access
Endpoint Hardening
99% of the vulnerabilities exploited continue to be ones known by security and IT at the time of the incident. FortiClient enables vulnerability scanning with automated patching, software inventory, and application firewall to help reduce the attack surface and boost overall security hygiene.
As part of the telemetry shared throughout the Security Fabric, endpoint vulnerability information allows network security operations teams to take additional measures, such as dynamic access control, to help secure the environment.

The FortiClient vulnerability dashboard delivers detailed information including category, severity, and can pinpoint the affected endpoints.
Advanced Endpoint Protection
Secure endpoints with machine learning antimalware and behavioral-based anti-exploit. Sandbox integrations detect advanced threats, customer malware, and script-based, file-less attacks. Application firewall, intrusion prevention system (IPS), botnet protection, and web content filtering provides additional layers of protection.
FortiClient also natively integrates with FortiSandbox. It can block the execution of any never-before seen file and automatically submit them to the sandbox for real-time analysis. Real-time threat intelligence from FortiSandbox is instantly shared across the enterprise to all endpoints.

The FortiClient enterprise management console shows detailed analysis from FortiSandbox.
Secure Access Service Edge (SASE)
Enable SASE Secure Internet Access (SIA)
FortiSASE SIA™ is deployed via FortiClient SASE edition as Security-as-a-Service. This scalable cloud-based platform is easy to manage and powered by Fortinet’s award-winning FortiGuard advanced protection services. Organizations are now able to extend enterprise-grade security to off-net remote users.
These include:
- Firewall-as-a-service (FWaaS)
- Intrusion prevention (IPS)
- Data loss prevention (DLP)
- Domain Name System (DNS)
- Secure web gateway (SWG)
- Sandboxing

FortiSASE SIA offers up-to-date real-time protection to terminate client traffic, scan traffic for known and unknown threats, and enforce corporate security policies for users anywhere. For more information go to FortiSASE.
FortiClient leverages FortiGuard threat intelligence research and services
IP 信誉和反僵尸网络
FortiGuard IP 信誉服务能够从威胁传感器、CERT、MITRE、合作友商及其他全球来源组成的 Fortinet 分布式网络中聚合恶意源 IP 数据,这些信息来源将协同提供有关恶意数据源的最新威胁情报。从分布式网络网关获取的近乎实时的情报与 FortiGuard 实验室提供的一流研究成果相结合,可确保组织安全无虞,并助力主动拦截攻击。
应用控制
通过实时、全面了解用户正在运行的应用,轻松实施可接受的使用策略,从而提高安全性,并满足合规要求。借助 FortiGuard 应用控制服务,您可以快速创建策略,以允许、拒绝或限制对应用或整个应用类别的访问。
Case Studies
Solution Guides
White Papers
Fuse Community
FortiClient Enterprise Management Server (EMS) Demo
This full working demo shows the Enterprise Management Server (EMS) for FortiClient. Have a look at the Dashboard, FortiClient Status, Vulnerability Scan and Software Inventory. Check out the Endpoints section and see the summary and available actions, such as quarantine an endpoint. And you can also configure system settings and scanning options under Endpoint Profile.
NSS Labs 2018 Advanced Endpoint Protection (AEP) Test
The NSS Labs AEP group test evaluates products for security effectiveness, performance, and total cost of ownership (TCO). These products include endpoint security technologies that combine the protective capabilities of anti-threat products with the detection, investigation, and prevention capabilities of endpoint security products. FortiClient with integrated FortiSandbox earned a “Recommended” rating with average security effectiveness of over 97.3%, zero false positives, and low TCO.
NSS Labs Breach Prevention Systems (BPS) Test 2017
NSS Labs introduced a new group test, BPS focused on detecting and blocking exploits, advanced malware, and evasions. This helps validate the advanced threat response cycle of prevent-detect-mitigate across a number of threat vectors including web, email, and endpoint. Fortinet's Security Fabric consisting of FortiSandbox, FortiGate, FortiMail, and FortiClient integrated together, earned a Recommended award by achieving a block rate of 99.6% and offering the lowest 3-year TCO.
FortiClient Ecosystem
FortiClient provides integration with many leading IT vendors as part of the Fortinet Security Fabric. Below is a list of current FortiClient Alliance Partners:

McAfee is one of the world’s leading independent cybersecurity companies. Inspired by the power of working together, McAfee creates business and consumer solutions that make the world a safer place.

SentinelOne is shaping the future of endpoint security with an integrated platform that unifies the detection, prevention and remediation of threats initiated by nation states, terrorists, and organized crime. SentinelOne’s unique approach is based on deep inspection of all system processes combined with innovative machine learning to quickly isolate malicious behaviors, protecting devices against advanced, targeted threats in real time.

Symantec Corporation (NASDAQ:SYMC), the world’s leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. The partnership with Fortinet combines Symantec’s endpoint protection leadership with Fortinet’s best-in-class network security and Fabric integration to deliver unparalleled security protection.
- Solution Brief
- Symantec CloudSOC Solution Brief
- Technical Deployment Guide
- Press Release on partnership
- Fabric Connector Technical Guide

Ziften simplifies endpoint protection.
The Zenith endpoint protection platform is a single product that stops cyber-attacks on all enterprise endpoints – laptops, desktops, servers, and cloud. The single agent deploys quickly and delivers (1) best-in-class zero-day protection, (2) complete investigation, (3) the most flexible response, plus (4) security posture analysis. The result is simplified endpoint protection to easily stop cyber-attacks with the people and budget you already have. Together with Fortinet, Ziften leverages the Fortinet Security Fabric to help customers better secure their endpoints, servers, and network.