Configuring Application Detection Lists - Fortinet FortiGate Series Administration Manual
Hide thumbs
Also See for FortiGate Series:
- Administration manual (60 pages) ,
- Install manual (51 pages) ,
- Quick start manual (14 pages)
Table of Contents
Advertisement
Endpoint NAC
Configuring application detection lists
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
•
Feedback
FortiGuard Distribution
Network
This FortiGate
Custom URL
Enforce Minimum Version From the list select either Latest Available or a specific FortiClient
Note: Select This FortiGate or Custom URL if you want to provide a customized FortiClient
application. This is required if a FortiManager unit will centrally manage FortiClient
applications. For information about customizing the FortiClient application, see the
FortiClient Administration
Application detection lists determine which applications are permitted or not permitted on
network endpoints. An application detection list is part of an Endpoint NAC profile that you
can apply in your firewall policies. You can create multiple lists.
Application detection is based on application signatures provided by FortiGuard Services.
You create your application detection list entries by selecting applications from FortiGuard-
supplied lists of categories, vendors, and application names. To view application
information from FortiGuard services, go to Endpoint NAC > Application Detection >
Predefined.
Application detection checks applications against the detection list from the top down until
it finds a match. Specific entries, such as those that list one particular application, should
precede more general entries, such as those that match all applications of a particular
category.
Go to Endpoint NAC > Application Detection > Detection List to create application
detection lists.
The FortiClient application is provided by the FortiGuard Distribution
Network. The FortiGate unit must be able to access the FortiGuard
Distribution Network. See
"Configuring FortiGuard Services" on
page
322.
If the FortiGate unit contains a hard disk drive, the files from
FortiGuard Services are cached to more efficiently serve downloads
to multiple end points.
Users download a FortiClient installer file from this FortiGate unit.
This option is available only on FortiGate models that support upload
of FortiClient installer files. Upload your FortiClient installer file using
the execute restore forticlient CLI command. For more
information, refer to the
FortiGate CLI
Specify a URL from which users can download the FortiClient
installer. You can use this option to provide custom installer files even
if your FortiGate unit does not have storage space for them.
version as the minimum requirement for endpoints.
The list contains the FortiClient versions available from the selected
FortiClient Installer Download Location.
Fortinet recommends that administrators deploy a FortiClient version
update to their users or ask users to install the update and then wait a
reasonable period of time for the updates to be installed before
updating the minimum version required to the most recent version.
Guide.
Configuring application detection lists
Reference.
697
Advertisement
Table of Contents
