What is our primary use case?
There are two main use cases: the first is to deploy the security fabric environment from FortiGate to the endpoints so that there's only one policy in use. There's no need to deploy the policy in the firewall as well as the endpoint. So, if you deploy the policy in FortiGate, FortiClient can get that policy automatically.
The second is to control the endpoint, that is, to control the antiviral software and antispyware in general.
What is most valuable?
Telemetry has been valuable. Starting from FortiGate and from the EMS server, you have to begin at the endpoint, and that's the most useful thing about using FortiClient.
I haven't had to open a FortiClient support case yet with Fortinet because we have solved everything ourselves using the documentation provided. Information on deployment and that on how to solve many of the issues are well-documented in the Fortinet library.
What needs improvement?
The deployment status is not good in Mac devices and sometimes in Windows-based devices using GPO, like Active Directory, that are not on the local network. Deployment can be a painful task in these cases.
You need to get a management console in the cloud because the EMS server must be deployed on-premises in order to connect to FortiGate. This is because the on-cloud server is not deployed well. It's not good enough yet for the customer to use. So, the deployment cases and the management console of the EMS server must be improved.
Development of a mail protection feature would be nice because there's not one present right now. Something that looks at the email that's getting into the PC or the possibility to use a monitor for the EMS server would be great.
For how long have I used the solution?
I have been working with this solution for around one year.
What do I think about the stability of the solution?
Overall, the stability is okay. Ease of deployment, VPN access, and the policies are implemented well. I haven't had any need to restart the servers of the PC due to FortiClient.
What do I think about the scalability of the solution?
The scalability is great, and you can scale it as the company grows.
How was the initial setup?
In Windows 10 devices, the initial setup was okay. It is not really bad if you have access straight to the PC. Deploying unattended is a hard thing to do. Sometimes, it doesn't work using the GPO Active Directory.
Our deployment strategy is to install the solution in the lab using 10 devices, test all the policies, and after that deploy it to the whole company. The lab stage is really easy and is a nice experience.
When you have a massive deployment, because most of the uses are not in the local area to be covered, deployment has to be done using remote access. That's a painful task. We have had to deploy 190 devices almost manually because they were not on the local network.
Which other solutions did I evaluate?
My clients evaluated Sophos and Intercept X. They liked the ease of deployment with Intercept X because the control comes from working in the cloud. Sophos also has the management console on the cloud. However, the clients were already using Fortigate, so they wanted to keep that level of protection.
What other advice do I have?
It's a little harder to deploy on Mac devices. When I installed FortiClient, it didn't even work at the beginning. The user experience in Mac to check the antivirus and antispyware protection is not good.
In order to work with FortiClient very well, you need to deploy the VPNs through FortiGate. So those who would like to use Fortinet FortiClient would need to evaluate the bandwidth capacity and how they are going to use a feature that's called split tunneling. That's the main thing they have to consider in order to design their requirements for the person who is going to develop and implement it on the customer's side.
On a scale from one to ten, I would rate Fortinet FortiClient at eight.
Which deployment model are you using for this solution?