Endpoint Protection

Expand all | Collapse all

Forticlient thinks it's not compliant

  • 1.  Forticlient thinks it's not compliant

    Posted Feb 19, 2018 08:29 AM

    I've seen this a few times here and there, it seems to come and go.  Used to see it with 5.4, and now with 5.6 client version.  

    I am being told that my forticlient is out of compliance with our fortigate.    When viewing the compliance rules, the one that is listed as being bad is "FortiClient Signatures are up-to-date".  Clicking the exclamation mark tells me FortiClient Signatures Out of date"

     

    Going to Help|About tells me everything is up-to-date (55.00305 at time of writing).  The AntiVirus tab, tells me I'm up to date.  When I click "Fix Non-compliant Settings", it tries to update the AV definitions and it briefly flashes "No Updates available."

     

    On the fortigate that it is registered to, the AV definitions are 56.00305 - I don't know if that has anything to do with it, or if the definitions are different for the FortiGate vs Forticlient.    Thankfully the client at 5.6 respects the setting to just warn me.  The 5.4 client would kick me off the network for being non-compliant regardless of what the Fortigate was set to do.

     

    So how do I get the two to understand that all is good?



  • 2.  RE: Forticlient thinks it's not compliant

    Posted Feb 19, 2018 08:33 AM

    Hi Dan,

    FortiOS 5.6 require FortiClient 5.6., and FortiOS 5.4 require FortiClient 5.4

    FortiClient 5.4 does not compatible with FOS 5.6 and vice versa.

    https://docs.fortinet.com/d/forticlient-compatibility-chart

     

    Thank you,

     

    Paul



  • 3.  RE: Forticlient thinks it's not compliant

    Posted Feb 19, 2018 08:36 AM

    Interesting.  I saw that before but tried it anyway.  The same thing I described happened with the 5.4 client on the 5.4 fortigate.

    Looking at the chart, it shows the 5.4 client with 5.4.1+ version of FortiOS.   Does that mean I can run 5.4 client against 5.6 FortiOS...which goes against what you said in your response.

    Otherwise it creates a nightmare upgrade scenario for IT - having to upgrade the client and fortiOS all at the same time.