What needs improvement with Fortinet FortiClient?

There are compatibility issues, and sometimes, especially with macOS, it's difficult to set up properly. Sometimes, it connects, sometimes not. Another improvement is that we need to know if there's a proper setup for both Mac and Windows systems. We disconnect sometimes, and we don't really know the cause. Also, the FortiClient feature should connect seamlessly without manual intervention. Sometimes, there is a need for manual configuration before connecting.

The tool could use more features, such as improved antivirus scanning with filters and application control to manage users. If you don't have FortiGate for web filtering and application control, you can use these in Fortinet FortiClient EMS. This gives you two options: on-site and off-site. When a user is on-site at the company, you can apply policies to control your network's web filtering and application control. But when the user or PC is outside the company, you don't need to control what they open in their browser. This is a benefit because I don't care what users access at home - they can open YouTube or Facebook. But when they're at the company, I want to restrict what they can open in the browser. I want to block YouTube and Facebook at work but allow all access at home.

The tool is expensive.

I heard that Fortinet is going to enhance the firmware to have mobile versions. One is like Linux long-term support SCS and one with new features, but there is no support here. We spoke with the vendor multiple times, and they said that they will release these features soon.

In Fortinet FortiClient, the syncing features or capabilities of the database are areas of concern where improvements are required. The licensing feature of the product requires improvement since whenever the license expires, the tool logs out its users automatically, irrespective of whether they are on the network or not, which can be problematic for me.

The quality and response time of the support team must be improved.

The tool needs to improve its web filtering feature. Its support quality needs improvement. We speak different languages, and this can create misunderstandings.

One area for improvement in FortiClient is the speed of connectivity.

While it's been excellent, I suppose even faster connectivity would be great. More integration would be beneficial. Faster connectivity is always welcome.

Fortinet FortiClient should improve its visibility of the consumption of traffic and end-user action, which is very low.

The product's performance and pricing could be better.

The solution needs network stability, especially when the internet connection is not stable. Forticlient should provide proper polling functionality to try to keep the session alive by all possible means. We have seen certain improvements over the past year. However, it is simply not enough to be treated as a good yet even acceptable tool to use. It is currently producing more issues than adds value. The web filter quite often blocks random sites, including online dictionaries, governmental sites, etc. Review of the wrong block reports simply doesn't work.

Assuming myself to be the subject and your database to be the object, whenever the subject requests access to the database, the authorization process needs to be done quickly to ensure that the database can be manipulated efficiently. However, sometimes data manipulation can still take time.This can be achieved fast through authorization, authentication, or a triple authentication system. I am from India, and I have to log in to the data center in the US. I wonder why it takes time despite us having leased lines and multiple connections. Therefore, these are important topics that we need to discuss further.

We don't have matching infrastructure in our company for our customers as it is too expensive. It's difficult to see the licenses due to the cost. We don't find it too expensive as we do not have too much infrastructure, however, our customers have more infrastructure and need more and therefore it can get pricey. Cloud services are very expensive for us. We'd like Fortinet to offer bundled options in the future.

The solution requires skillful users. There are a lot of requirements. It makes it a bit complex to use. Security could always be improved. This is true for every VPN provider. We are seeing quantum computers, and it's only a matter of time before we will be using something like this we'll need security to match, including quantum-safe keys for VPNs and so on.

The features of Fortinet FortiClient could be improved.

With more features, the solution would be more independent from the firewall because some sites don't require a firewall to be installed. FortiClient could be more centralized. The filtering process could be improved.

The solution has some issues with stability on the user side.

We'd like to have a guided config process. We'd like it so that, when you want to configure something or allow new segments or servers, you launch a wizard, which will guide you on how to configure it. We'd also like to see a deployment wizard to help implementation become streamlined.

As far as I can tell, the solution only has one single function, so they could expand its functionality.

The user interface on the central server could be improved. In terms of additional features, the only thing I could imagine is that it should handle not only FortiClient VPN connections; it should also integrate with OpenVPN, for example. They should open it up for non-FortiGate devices. It is not a must, but it would be nice to have.

Fortinet FortiClient could improve the compatibility with mobile applications that are allowed and sometimes they do not respond. However, Microsoft Windows applications are very good.

The features for application control and device control must be improved.

FortiClient has compatibility issues between different versions, for example, the VPN doesn't work well between FortiClient 6.4 and FortiGate. There are usability issues with vulnerability scanning and with reporting. It's often difficult to interpret and there are inadequate features in management identity. I would appreciate a better explanation of the findings of the malware scanning and of things like real-time protection. The solution is geared toward centralized single sign-on for the workstations, which is something we do not have. From that point of view, it's not a good match. I've also found the SSL VPN very sensitive to network disruptions. The anti-ransomware feature is hard to use because when it finds something, it doesn't provide adequate information and there are false positives that are hard to identify. Generally, it's difficult to access the documentation of the APIs as it requires an invitation via sponsorship from a Fortinet employee. We had some long-running issues, but that's perhaps because our configuration is not mainstream.

Fortinet FortiClient could improve the connection because sometimes it drops.

We opened a ticket in Forti for a virtual desktop environment client to see if we could use it in the cloned desktop. We're using it in a virtual environment and need to sort that out so it also will work for cloned environments. They're working on that. However, it's not perfect right now. I don't really want to add new features. However, I would like to add the zero-day protection that they offer in the FortiXDR solution to this product. Right now, it's another product. They are clever guys. They make you buy more than one solution instead of putting everything together. While we like patch management, it would be nice if it could handle patch management for other solutions, like Microsoft.

I don't use it enough to be able to say what could be improved. We've got one client where it was blocking the smartphones, and there's a way to set it up on Fortigate that's supposed to do that. However, it didn't work with them since they had a 2FA multi-factor. It was integrated with a Microsoft NPS server, and it does not work with that. It just blocks everything. Therefore, it doesn't integrate well. If they like to update the Fortigate so that you can VPN in, it’s fine. However, not from smartphones. That doesn't work at all. For somebody with the NPS server, it just screwed everything up. We're still trying to fix that.

I’m not sure what exactly can be improved. It would be interesting if the solution offered a way to try to investigate and create a use case to trace vectors.

We've had some problems with having to remove the current version and either reinstalling an old version or updating to the new one.

The reports could be easier to set up.

The solution could be improved in these areas: 1. Support (If you have the Advanced Support Services you are in heaven) if not you will be in hell for a long time. 2. Licensing Division (They are starting to understand the value of their product and slicing everything to make money) 3. EDR with EMS better integrate them on the same single plane of glass. We will be waiting for it. 4. Working with Distribution sometimes comes at a cost due to a lack of knowledge of the current status of your licensing and products. 5. Advertise needs to be better for the ELA.

The EDR feature to be included in the basic license.

I would like for the next release to be more user-friendly for users to do not have as much of a technical background.

The software inventory part is not yet up-to-date. It doesn't have a great interface, which is a disadvantage. I wish we could leverage it, but we don't use it at all because it's not that reliable.

One area that could be improved is cost, but you've got to pay for what you get.

We do not use the solution every day and there are times when the new users have trouble reconnecting. The technology itself works but our users getting adopted to it is a major problem. Having the user adapt to the desktop landing page that it begins on is throwing them off a bit.

The solution should have faster turnaround when it comes to new technology. I'm speaking of next generation technology. For instance, they have a laboratory for investigating new technologies and I work with them towards the goal of releasing these to the industry a bit faster to allow us to start planning.

I'd like the ability to specify when EMS is controlling the client and when it's not because you would have a lot more options were it not for the client. As it stands, you need to edit the XML file on EMS to get those options. I also think Fortinet could improve the VPN. It's good, but Cisco AnyConnect is a bit better. Fortinet could add split tunneling for the routes, like AnyConnect. Currently, you have to go into the command prompt and then print the route. So someone who's not that knowledgeable of the product will not know how to do it. Fortinet could maybe include some more next-gen AV stuff, but I think that's going to be integrated into the new packages we've got.

The solution could improve by providing analytics or more detailed reports.

While I cannot think of new features to add, it would be nice if the reports were improved, to have these sent automatically.

The current version of this solution does not show the malicious websites that have been visited. They should add this to an upcoming release. There should be an automatic bootup scan option easily accessible.

I am troubleshooting some errors that I have had with the VPN and they are difficult to resolve. In the next release, I would like to see an additional layer of security added.

I'm now looking for some sort of option that can maybe be centrally located. We want the IP in our office to centralize the settings and so on. The one that we use, hasn't had that kind of capability to push the settings. We'd like to be able to properly encrypt the data more effectively. We want them to offer encryption of the hard drive. The initial setup can sometimes be complex.

The deployment status is not good in Mac devices and sometimes in Windows-based devices using GPO, like Active Directory, that are not on the local network. Deployment can be a painful task in these cases. You need to get a management console in the cloud because the EMS server must be deployed on-premises in order to connect to FortiGate. This is because the on-cloud server is not deployed well. It's not good enough yet for the customer to use. So, the deployment cases and the management console of the EMS server must be improved. Development of a mail protection feature would be nice because there's not one present right now. Something that looks at the email that's getting into the PC or the possibility to use a monitor for the EMS server would be great.

We have been facing some issues when we use the web browser to log into the VPN gateway and we use the SSL VPN through the web page and have found that the browser is unstable. It is difficult to get logs for the client on the firewall. Technical support can be improved. While they respond quickly they don't resolve the issues quickly. I have yet to find the benefits of the latest upgraded version.

In terms of improvements, their SSL VPN tunnel can be a lot better. I've seen other products that have got much better VPN features than Fortinet. Some of my colleagues get this error called "License not available." When they get this error, they have to uninstall and reinstall it. This kind of problem is there, and sometimes, we have to open a case with Fortinet to resolve it. Their support is quick, so we are able to resolve and move forward. In terms of new features, when it is connecting, it should check the endpoint and say whether the end client is actually safe enough or whether there is a vulnerability. It should give a pop-up on the client itself. Because I'm on the admin side, I can also see this information in the log. However, if a non-IT user, such as a user from finance, is working on this and there is some problem, he or she would not know about this and would call IT admin to say that this is not working. If the users get a message explaining why and what is happening, it is easy for them to understand.

Its stability can be improved. It is not as reliable as I would like it to be. There are times when things don't work quite right. Our biggest pain point is not related to Fortinet FortiClient and the whole scheme of things. It is related to one of the additional services called FortiGuard. They are the arm that does all of the updates to definitions, keeps all the signatures updated, and responds to new threats and whatnot. What we have found is that they react quickly, but sometimes their solutions aren't compatible with all of the components of the Fortinet security suite, specifically around FortiSandbox.

SAML authentication was newly introduced (Post 6.2) but the free customizable version (Forticlient Configuration tool) from FNDN is still at 6.0.10. I would like to see in an upcoming release the free version of Forticlient Configuration tool supporting authentication and customizable for the customers. This is available in the FortiClient developing networks, but it is only available without SAML authentication. Also would like to see more descriptive error messages when authentication fails in Forticlient specially when using forticlient VPN connection from Windows Login with Fortitoken as a 2FA

For buying or deploying it with additional features, apart from VPN client, web security, or antivirus, I would like to see the USB key blocking function included in this solution for endpoint security. For endpoint security, you need antivirus and all of the features included in antivirus software these days, web security, and USB key locking feature. If it is implemented in a way that in one package, you have all the primary features needed for security these days, it would be nice. All of those features will probably be additionally charged as it is a web security feature on FortiClient.

I would like to see endpoint detection and response included.

This product is very good. Graphically, it is okay, but this may be one area where it could be better. It should be more graphically inviting. It is okay as it is, but it could be improved. If I compare FortiClient VPN and OpenVPN, FortiClient VPN takes too much time while installing on someone's computer or laptop. I do not know why that is. The installation takes too much time compared to OpenVPN. OpenVPN is a very light software. It is installed in a couple of seconds. It does not make sense that FortiClient takes so long to install. I just feel it is a problem that could be addressed.

The only thing that is lacking in this product is the support. Their support can be improved.

The improvement required for Fortinet is that they must increase RAM in low-end Firewalls. because low-end Firewalls come with very low RAM, due to low RAM users faced performance issues when increase user traffic, that can cause performance issues. even we know other vendors are using a minimum of 04 GB RAM. But Fortinet for their low-end entry-level box is using only one/two GB RAM. That is very low and can be a performance issue. If we compare the performance based on their datasheet, it does not really meet the full requirements. For example, if we are using the FG-60F Network Security Firewall 10xGE, the throughput is 10 gigs. But the memory is two GB. Two GB of memory is too low to handle the throughput. So they should increase the memory in the box. Fortinet can gain end customer confidence.

There isn't much to improve in terms of features and comparison with other vendors. It just needs to stay more up to date in catching the malware. The user interface may be improved, which would be a minor enhancement. Unlike central management, in endpoint security, the end users don't need to keep looking at the endpoint user interface. The technology is the most important thing in endpoint security.

I think that FortiClient can enhance the multifactor authentication. Currently, if you want to enable dynamic tokens with FortiClient authentication, you only have one option, which is supplied by Fortinet. You cannot integrate FortiClient VPN with Google authenticator or Microsoft authenticator, it's impossible. I think that they can improve this module. In the next release of this solution, if they could improve the MFA, it would be a perfect solution.

When we change our endpoint, we have to connect again, which means having to enter our credentials and permissions. Also, we are facing some connectivity issues after changing our mode of connection to a public base. It's slow in reconnecting. I would like to see changes to the speed in the end-user connectivity improved in the next release of FortiClient.

FortiClient is not communicating with the new version of the firewall.

The pricing of the solution should be less expensive. It would be nice if you could connect to three or four sites at a time.

I feel that this product is more to bolster their marketing, rather than its use for actual synchronization. This solution is not able to deliver interprocess visibility when it comes to the endpoint, and this is something that needs to be done. Other solutions, such as Carbon Black, are able to do this. The memory check needs to be improved, giving better visibility into the run-time memory. The anti-exploitation engine needs enhancement. When it comes to Windows processes and protocols, they need to be included in a more effective way. As it is now, they simply have a checkmark beside it. They have visibility of the protocol, for Windows and the operating system communication, but they are not offering the same level as other solutions, such as Sophos, when it comes to the endpoint. The level of data protection provided by this system is inconsistent.

The pricing could use improvement. It should be cheaper. The reporting can also always be better.

My customers say they need a consultation to fully integrate services. This needs improvement. I would like to see better integration. The price could also use improvement. In the next release, some of our clients said that while they can select different customers, they get confused and they would like to also see the logo of the company. The name is written but they want to see the logo as well.

I would like to see an improvement in the web filter, because I think it can be more user-friendly. For instance, if I want to authorize a user to access a certain website, it should be easy for that user to edit those websites on the exempted list. But sometimes I find that my users can't do that when I am not at the office. Due to the fact that some of our users operate remotely, it sometimes happen that they can't access a specific website. Then I have to go through all the websites, or dive into the users machine just so that I can change the configuration. I therefore think it should be a little bit easier for a user to add a certain website to the exempted list. Something else that should be worked on, is the compatibility issues between versions 6.2 and 6.0, because it is not easy to upgrade your firewall to the latest version with admin. If you want to upgrade, you need a hardware change.

Initially, the support was very poor. It is getting better, but they should continue to improve this. Currently, we are having issues where the antivirus is blocking an item, but it is almost impossible to disable the antivirus. If the user wants to lift these priveledges they can't. Some options are not changeable. You cannot switch off a blockage even temporarily. I understand why it is like that, but I would like to give less control to these important processes because right now it is very complicated to turn off the protection even for testing purposes.

I haven't found that that solution does anything amazing. There is nothing special about it. It works trouble free just like any other client.

We had some issues using IPsec as a remote tunnel protocol and we had to change those configurations from IPsec to SSL. That was the only issue we had with FortiClient during the four years we used it. Everybody else is doing AI, machine learning, self-healing, next-generation features. They should incorporate more next-generation features.