Sie sind auf Seite 1von 11

FortiClientTM Endpoint Security System

Release Notes
v4.0 MR3 Patch 3

04-433-141402-20111027

Release Notes

FortiClient Endpoint Security System v4.0 MR3 Patch 3

Table of Contents
1 FortiClient v4.0 MR3 Patch 3 ...............................................................................................................................1 1.1 What's New ........................................................................................................................................................1 1.2 Documentation ...................................................................................................................................................1 1.3 Language Support ..............................................................................................................................................1 1.4 Tools ..................................................................................................................................................................1 1.5 Licensing ............................................................................................................................................................2 1.6 Supported Operating System .............................................................................................................................2 1.7 System Requirements.........................................................................................................................................2 2 Special Notices......................................................................................................................................................3 2.1 General ...............................................................................................................................................................3 2.2 Reconnect after resuming from Windows Sleep/Hibernate/Standby ................................................................3 2.3 Saving login information ...................................................................................................................................3 2.4 Start VPN before logging on to Windows .........................................................................................................3 3 Upgrade and Installation Information ...................................................................................................................4 4 Resolved Issues in FortiClient v4.0 MR3 Patch 3 ................................................................................................5 5 Known Issues in FortiClient v4.0 MR3 Patch 3 ...................................................................................................6 6 Image Checksums .................................................................................................................................................7 7 Appendix ...............................................................................................................................................................8 7.1 IPSec VPN Configuration Instruction for FortiOS v4.0 MR3...........................................................................8 7.2 IPSec VPN Configuration Instruction for FortiClient v4.0 MR3 Patch 3 .........................................................8 7.3 IPSec VPN Configuration Instruction for FortiOS v4.0 MR2...........................................................................8
Change Log Date 2011-08-22 2011-09-07 2011-10-27 Initial Release. Minor update. Update for 4.3.3 Change Description

Copyright 2011 Fortinet Inc. All rights reserved. Release Notes FortiClient Endpoint Security System v4.0. MR3 Patch 3. Trademarks Copyright 2011 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiGuard, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions. Network variables, different network environments and other conditions may affect performance results, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding contract with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinets internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Certain Fortinet products are licensed under U.S. Patent No. 5,623,600.

Support will be provided to customers who have purchased a valid support contract. All registered customers with valid support contracts may enter their support tickets via the support site: https://support.fortinet.com

October 27, 2011

Release Notes

FortiClient Endpoint Security System v4.0 MR3 Patch 3

1 FortiClient v4.0 MR3 Patch 3


This document provides a summary of the new features in FortiClient v4.0 MR3 B0445 and provides information on installation instructions and known issues. The FortiClient v4.0 MR3 Patch 3 is also known as v4.3.3.0445.

1.1 What's New


The following is a brief list of the new features added in FortiClient v4.0 MR3 Patch 3. Support IKE Banner option Simplified the GUI for VPN Dashboard view and Add Connection screen Enhanced support for 3G cards

1.2 Documentation
The following documentation is available from the Fortinet Technical documentation website at http://docs.fortinet.com FortiClient Quickstart Guide FortiClient Deployment Guide Articles and information on specific issues are available from the Fortinet Knowledge Base at http://kb.fortinet.com

1.3 Language Support


FortiClient v4.0 MR3 Patch 3 is localized for the following languages: GUI Documentation English Yes Yes French Yes German Yes Japanese Yes Yes Portuguese (Brazilian) Spanish (Spain) Yes Slovak Yes Czech Yes -

1.4 Tools
FortiClient includes various utility tools and files to help with installations. The following tools and files are available in the FortiClient Tools zip file, which can be downloaded from the Fortinet support site: FortiClientRepackagingToolGUI.exe /FortiClientRepackagingTool.exe: an installer repackaging tool that is used to create customized MSI files. FCInstallerLight.exe: NOT intended for end users. Used in conjunction with the Endpoint Control feature FortiOS v4.x. Endpoint Control will redirect all users detected as not running FortiClient to a dedicated portal. From this portal, the user can download FCInstallerLight.exe, which will then subsequently download the full FortiClient installation from the FDS servers. FCRemove.exe: FCRemove.exe is a clean-up tool for use ONLY IF the Add/Remove Programs feature in Windows fails to remove FortiClient completely.

October 27, 2011

Release Notes

FortiClient Endpoint Security System v4.0 MR3 Patch 3

ReinstallNIC.exe : A utility to uninstall and reinstall the Windows NIC driver if the user is having problems with DHCP acquisition after FortiClient is installed (Windows 7 or higher ONLY). FortiClientVPNEditor.exe: It is for creating VPN tunnel configuration files and exporting the previous FortiClient configurations to FortiClient4.3 format.

1.5 Licensing
Licensing of FortiClient is controlled by FortiOS 4.3. The user has to buy the FortiClient license with FortiGate Support Contract. By default, FortiOS 4.3 allows 10 FortiClient connections for free.

1.6 Supported Operating System


The following operating systems are supported: Microsoft Windows 7 including SP1 (32-bit and 64-bit) Microsoft Windows Vista SP2 (32-bit and 64-bit) Microsoft Windows XP SP3 (32-bit)

1.7 System Requirements


FortiClient v4.0 MR3 Patch 3 has the following minimum system requirements: Microsoft Internet Explorer 8.0 or later Windows compatible computer with Pentium processor or equivalent Compatible Operating System and minimum RAM: Microsoft Windows 7: 512 MB Microsoft Windows Vista: 512 MB Microsoft Windows XP: 256 MB 600 MB free hard disk space Native Microsoft TCP/IP communication protocol Native Microsoft PPP dialer for dial-up connections Ethernet NIC for network connections Wireless adapter for wireless network connections Adobe Acrobat Reader for user Manual MSI installer 3.0 or later

October 27, 2011

Release Notes

FortiClient Endpoint Security System v4.0 MR3 Patch 3

2 Special Notices
2.1 General
Any IPsec VPN connections created from the FortiClient v4.0 MR3 Patch 3 GUI console are only supported by FortiOS v4.3 or later. To create a compatible tunnel configuration on the FortiGate, go to VPN -> IPsec -> Auto Key (IKE)-> Create FortiClient VPN. See Appendix 7 for detail. Note: VPN tunnel created on the FortiGate using the Create FortiClient VPN button can only be used with FortiClient v4.3 or later and is not supported for older FortiClient versions. IMPORTANT! Web Browser Requirement Microsoft Internet Explorer 8.0 or later

2.2 Reconnect after resuming from Windows Sleep/Hibernate/Standby


Any active VPN connection will be disconnected when Windows enters Sleep/Hibernate/Standby mode, user will have to reconnect after Windows resumes.

2.3 Saving login information


Due to security reasons FortiClient does not save the passwords of the VPN connections, it will only save the usernames.

2.4 Start VPN before logging on to Windows


Use the Start VPN before logging on to Windows setting in conjunction with x509 Certificate Authentication, the certificates must be in the local certificate store.

October 27, 2011

Release Notes

FortiClient Endpoint Security System v4.0 MR3 Patch 3

3 Upgrade and Installation Information


The FortiClient installation package is available in two different formats: an executable installation file and a zipped MSI installation file. See the FortiClient Deployment Guide on creating custom MSI installation packages. FortiClient v4.0 MR3 Patch 3 supports direct upgrade from FortiClient Connect v4.0 MR3 and FortiClient v4.0 MR3 Patch 1. Note: Uninstall any previous versions of FortiClient 4.2 or any versions of FortiClient Lite v4.3 before installing FortiClient v4.0 MR3 Patch 3.

October 27, 2011

Release Notes

FortiClient Endpoint Security System v4.0 MR3 Patch 3

4 Resolved Issues in FortiClient v4.0 MR3 Patch 3


The following issues have been resolved in FortiClient v4.0 MR3 Patch 3: Description: IPsec VPN cannot automatically disconnect if the Remote Gateway IP address or Pre-shared Key is wrong Bug ID: 146725, 145102 Description: Quick Connect does not work properly after resuming from sleep Bug ID: 150575 Description: x509 certificates in the System Store may fail to authenticate under certain circumstances Bug ID: 149754

October 27, 2011

Release Notes

FortiClient Endpoint Security System v4.0 MR3 Patch 3

5 Known Issues in FortiClient v4.0 MR3 Patch 3


This section lists the known issues of this release, but is NOT a complete list. Description: WAN Optimization sometimes can make file transfer over CIFS slower Bug ID: 154627 Status: N/A Workaround: N/A

October 27, 2011

Release Notes

FortiClient Endpoint Security System v4.0 MR3 Patch 3

6 Image Checksums
cbd7cdededc0277c4b0196494eccac93 e805ca237175e497cfe3a9fdfe86b064 877bd172d8dd7ae70e2fd6282659bbab 53f9fef6a4c306e4fea2a96f808ebe3e 7c6d1fef577085226e35363a7a5cb01d d41d8cd98f00b204e9800998ecf8427e f5ada14d344d0d658f4573961b9a8d3d *FortiClientSetup_4.3.3.0445.exe *FortiClientSetup_4.3.3.0445.zip *FortiClientSetup_4.3.3.0445_x64.exe *FortiClientSetup_4.3.3.0445_x64.zip *FortiClientTools_4.3.3.0445.zip *FortiClientV4Md5_build0445.sum *Readme_1st.txt

October 27, 2011

Release Notes

FortiClient Endpoint Security System v4.0 MR3 Patch 3

7 Appendix
7.1 IPSec VPN Configuration Instruction for FortiOS v4.0 MR3
Described below are the steps to configure an interface mode IPSec VPN on FortiOS v4.0 MR3. Step 1: On the FortiGate (running v4.0 MR3) go to VPN > IPSec > Auto Key (IKE) page. Step 2: Click on Create FortiClient VPN button. Step 3: Fill the VPN tunnel configuration details on the page and click OK. Step 4: Verify that a Phase1 and Phase2 has been created for the VPN. Step 5: Configure appropriate firewall policies under Firewall > Policy page for VPN traffic.

7.2 IPSec VPN Configuration Instruction for FortiClient v4.0 MR3 Patch 3
Described below are the steps to configure an interface mode IPSec VPN on FortiClient v4.0 MR3 Patch 1 Step 1: Open the FortiClient console and navigate to IPSec VPN main page. Step 2: Click '+' icon on the bottom-left corner to add a new connection. Step 3: Input the following information on the "Add Connection" page. Connection Name Remote Gateway Authentication Method XAuth Click OK Step 4: Select the VPN connection from the list and click Connect to establish the IPSec tunnel.

7.3 IPSec VPN Configuration Instruction for FortiOS v4.0 MR2


Described below are the steps to configure an interface mode IPSec VPN on FortiOS v4.0 MR2. Step 1: Create an address name for internal subnet if it doesnt exist yet. (optional) Step 2: Create an user group for FortiClient users on User > User Group web UI page. Step 3: Navigate to VPN > IPsec > Auto Key > Create Phase1 web UI page and input the following information: Name (i.e. mydialup-phase1) Remote Gateway (i.e. Dialup User) Local Interface (i.e wan1) Mode: Aggressive Authentication Method Enable IPSec Interface Mode option XAUTH: Enable as server User Group: <select the FortiClient user group> Click OK Step 4: Navigate to VPN > IPsec > Auto Key > Create Phase2 web UI page and input the following information: Name (i.e. mydialup-phase2) Phase1: select the phase1 VPN created before (i.e. mydialup-phase1) Click OK

October 27, 2011

Release Notes

FortiClient Endpoint Security System v4.0 MR3 Patch 3

Step 5: From the FortiGate CLI, enter the following commands:


config vpn ipsec phase1-interface edit <phase1 name> set mode-cfg enable set ipv4-start-ip <start ip address> set ipv4-end-ip <end ip address> set ipv4-netmask <network mask> set ipv4-split-include <address group> (optional setting) set ipv4-dns-server1 <server ip> (optional setting) end

Step 6: Configure appropriate firewall policies using Firewall > Policy page for VPN traffic. (End of Release Notes.)

October 27, 2011