FortiClient v4.0 MR3 Patch 3 Release Notes

Release Notes v4.0 MR3 Patch 3

04-433-141402-20111027

FortiClientTM Endpoint Security System

Release Notes FortiClient Endpoint Security System v4.0 MR3 Patch 3

i October 27, 2011

Table of Contents1 FortiClient v4.0 MR3 Patch 3 ...............................................................................................................................1 1.1 What's New ........................................................................................................................................................1 1.2 Documentation ...................................................................................................................................................1 1.3 Language Support ..............................................................................................................................................1 1.4 Tools ..................................................................................................................................................................1 1.5 Licensing ............................................................................................................................................................2 1.6 Supported Operating System .............................................................................................................................2 1.7 System Requirements.........................................................................................................................................2 2 Special Notices......................................................................................................................................................3 2.1 General ...............................................................................................................................................................3 2.2 Reconnect after resuming from Windows Sleep/Hibernate/Standby ................................................................3 2.3 Saving login information ...................................................................................................................................3 2.4 Start VPN before logging on to Windows .........................................................................................................3 3 Upgrade and Installation Information ...................................................................................................................4 4 Resolved Issues in FortiClient v4.0 MR3 Patch 3 ................................................................................................5 5 Known Issues in FortiClient v4.0 MR3 Patch 3 ...................................................................................................6 6 Image Checksums .................................................................................................................................................7 7 Appendix ...............................................................................................................................................................8 7.1 IPSec VPN Configuration Instruction for FortiOS v4.0 MR3 ...........................................................................8 7.2 IPSec VPN Configuration Instruction for FortiClient v4.0 MR3 Patch 3 .........................................................8 7.3 IPSec VPN Configuration Instruction for FortiOS v4.0 MR2 ...........................................................................8

Change Log

Date Change Description

2011-08-22

2011-09-07

2011-10-27

Initial Release.

Minor update.

Update for 4.3.3

Copyright 2011 Fortinet Inc. All rights reserved. Release Notes FortiClient Endpoint Security System v4.0. MR3 Patch 3.

Trademarks Copyright 2011 Fortinet, Inc. All rights reserved. Fortinet, FortiGate, FortiGuard, are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance metrics contained herein were attained in internal lab tests under ideal conditions. Network variables, different network environments and other conditions may affect performance results, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding contract with a purchaser that expressly warrants that the identified product will perform according to the performance metrics herein. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinets internal lab tests. Fortinet disclaims in full any guarantees. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable. Certain Fortinet products are licensed under U.S. Patent No. 5,623,600.

Support will be provided to customers who have purchased a valid support contract. All registered customers with valid support contracts may enter their support tickets via the support site: https://support.fortinet.com


1 October 27, 2011

1 FortiClient v4.0 MR3 Patch 3This document provides a summary of the new features in FortiClient v4.0 MR3 B0445 and provides information on installation instructions and known issues. The FortiClient v4.0 MR3 Patch 3 is also known as v4.3.3.0445.

1.1 What's New The following is a brief list of the new features added in FortiClient v4.0 MR3 Patch 3.

Support IKE Banner option Simplified the GUI for VPN Dashboard view and Add Connection screen Enhanced support for 3G cards

1.2 Documentation The following documentation is available from the Fortinet Technical documentation website at http://docs.fortinet.com

FortiClient Quickstart Guide FortiClient Deployment Guide

Articles and information on specific issues are available from the Fortinet Knowledge Base at http://kb.fortinet.com

1.3 Language Support FortiClient v4.0 MR3 Patch 3 is localized for the following languages:

GUI Documentation English Yes Yes French Yes - German Japanese

Yes Yes

-

-

Portuguese (Brazilian) Spanish (Spain) Slovak Czech

Yes Yes Yes Yes

-

-

-

-

1.4 Tools FortiClient includes various utility tools and files to help with installations. The following tools and files are available in the FortiClient Tools zip file, which can be downloaded from the Fortinet support site:

FortiClientRepackagingToolGUI.exe /FortiClientRepackagingTool.exe: an installer repackaging tool that is used to create customized MSI files.

FCInstallerLight.exe: NOT intended for end users. Used in conjunction with the Endpoint Control feature FortiOS v4.x. Endpoint Control will redirect all users detected as not running FortiClient to a dedicated portal. From this portal, the user can download FCInstallerLight.exe, which will then subsequently download the full FortiClient installation from the FDS servers.

FCRemove.exe: FCRemove.exe is a clean-up tool for use ONLY IF the Add/Remove Programs feature in Windows fails to remove FortiClient completely.


2 October 27, 2011

ReinstallNIC.exe : A utility to uninstall and reinstall the Windows NIC driver if the user is having problems with DHCP acquisition after FortiClient is installed (Windows 7 or higher ONLY).

FortiClientVPNEditor.exe: It is for creating VPN tunnel configuration files and exporting the previous FortiClient configurations to FortiClient4.3 format.

1.5 Licensing Licensing of FortiClient is controlled by FortiOS 4.3. The user has to buy the FortiClient license with FortiGate Support Contract. By default, FortiOS 4.3 allows 10 FortiClient connections for free.

1.6 Supported Operating System The following operating systems are supported:

Microsoft Windows 7 including SP1 (32-bit and 64-bit) Microsoft Windows Vista SP2 (32-bit and 64-bit) Microsoft Windows XP SP3 (32-bit)

1.7 System Requirements FortiClient v4.0 MR3 Patch 3 has the following minimum system requirements:

Microsoft Internet Explorer 8.0 or later Windows compatible computer with Pentium processor or equivalent Compatible Operating System and minimum RAM:

Microsoft Windows 7: 512 MB Microsoft Windows Vista: 512 MB Microsoft Windows XP: 256 MB

600 MB free hard disk space Native Microsoft TCP/IP communication protocol Native Microsoft PPP dialer for dial-up connections Ethernet NIC for network connections Wireless adapter for wireless network connections Adobe Acrobat Reader for user Manual MSI installer 3.0 or later


3 October 27, 2011

2 Special Notices

2.1 General Any IPsec VPN connections created from the FortiClient v4.0 MR3 Patch 3 GUI console are only supported by FortiOS v4.3 or later. To create a compatible tunnel configuration on the FortiGate, go to VPN -> IPsec -> Auto Key (IKE)-> Create FortiClient VPN. See Appendix 7 for detail.

Note: VPN tunnel created on the FortiGate using the Create FortiClient VPN button can only be used with FortiClient v4.3 or later and is not supported for older FortiClient versions.

IMPORTANT! Web Browser Requirement

Microsoft Internet Explorer 8.0 or later

2.2 Reconnect after resuming from Windows Sleep/Hibernate/Standby Any active VPN connection will be disconnected when Windows enters Sleep/Hibernate/Standby mode, user will have to reconnect after Windows resumes.

2.3 Saving login information Due to security reasons FortiClient does not save the passwords of the VPN connections, it will only save the usernames.

2.4 Start VPN before logging on to Windows Use the Start VPN before logging on to Windows setting in conjunction with x509 Certificate Authentication, the certificates must be in the local certificate store.


4 October 27, 2011

3 Upgrade and Installation Information The FortiClient installation package is available in two different formats: an executable installation file and a zipped MSI installation file. See the FortiClient Deployment Guide on creating custom MSI installation packages.

FortiClient v4.0 MR3 Patch 3 supports direct upgrade from FortiClient Connect v4.0 MR3 and FortiClient v4.0 MR3 Patch 1.

Note: Uninstall any previous versions of FortiClient 4.2 or any versions of FortiClient Lite v4.3 before installing FortiClient v4.0 MR3 Patch 3.


5 October 27, 2011

4 Resolved Issues in FortiClient v4.0 MR3 Patch 3 The following issues have been resolved in FortiClient v4.0 MR3 Patch 3:

Description: IPsec VPN cannot automatically disconnect if the Remote Gateway IP address or Pre-shared Key is wrong Bug ID: 146725, 145102

Description: Quick Connect does not work properly after resuming from sleep Bug ID: 150575

Description: x509 certificates in the System Store may fail to authenticate under certain circumstances Bug ID: 149754


6 October 27, 2011

5 Known Issues in FortiClient v4.0 MR3 Patch 3 This section lists the known issues of this release, but is NOT a complete list.

Description: WAN Optimization sometimes can make file transfer over CIFS slower Bug ID: 154627 Status: N/A Workaround: N/A


7 October 27, 2011

6 Image Checksums cbd7cdededc0277c4b0196494eccac93 *FortiClientSetup_4.3.3.0445.exe e805ca237175e497cfe3a9fdfe86b064 *FortiClientSetup_4.3.3.0445.zip 877bd172d8dd7ae70e2fd6282659bbab *FortiClientSetup_4.3.3.0445_x64.exe 53f9fef6a4c306e4fea2a96f808ebe3e *FortiClientSetup_4.3.3.0445_x64.zip 7c6d1fef577085226e35363a7a5cb01d *FortiClientTools_4.3.3.0445.zip d41d8cd98f00b204e9800998ecf8427e *FortiClientV4Md5_build0445.sum f5ada14d344d0d658f4573961b9a8d3d *Readme_1st.txt


8 October 27, 2011

7 Appendix

7.1 IPSec VPN Configuration Instruction for FortiOS v4.0 MR3 Described below are the steps to configure an interface mode IPSec VPN on FortiOS v4.0 MR3. Step 1: On the FortiGate (running v4.0 MR3) go to VPN > IPSec > Auto Key (IKE) page. Step 2: Click on Create FortiClient VPN button. Step 3: Fill the VPN tunnel configuration details on the page and click OK. Step 4: Verify that a Phase1 and Phase2 has been created for the VPN. Step 5: Configure appropriate firewall policies under Firewall > Policy page for VPN traffic.

7.2 IPSec VPN Configuration Instruction for FortiClient v4.0 MR3 Patch 3 Described below are the steps to configure an interface mode IPSec VPN on FortiClient v4.0 MR3 Patch 1 Step 1: Open the FortiClient console and navigate to IPSec VPN main page. Step 2: Click '+' icon on the bottom-left corner to add a new connection. Step 3: Input the following information on the "Add Connection" page.

Connection Name Remote Gateway Authentication Method XAuth Click OK

Step 4: Select the VPN connection from the list and click Connect to establish the IPSec tunnel.

7.3 IPSec VPN Configuration Instruction for FortiOS v4.0 MR2 Described below are the steps to configure an interface mode IPSec VPN on FortiOS v4.0 MR2. Step 1: Create an address name for internal subnet if it doesnt exist yet. (optional) Step 2: Create an user group for FortiClient users on User > User Group web UI page. Step 3: Navigate to VPN > IPsec > Auto Key > Create Phase1 web UI page and input the following information:

Name (i.e. mydialup-phase1) Remote Gateway (i.e. Dialup User) Local Interface (i.e wan1) Mode: Aggressive Authentication Method Enable IPSec Interface Mode option XAUTH: Enable as server User Group: Click OK

Step 4: Navigate to VPN > IPsec > Auto Key > Create Phase2 web UI page and input the following information:

Name (i.e. mydialup-phase2) Phase1: select the phase1 VPN created before (i.e. mydialup-phase1) Click OK


9 October 27, 2011

Step 5: From the FortiGate CLI, enter the following commands: config vpn ipsec phase1-interface

edit set mode-cfg enable set ipv4-start-ip set ipv4-end-ip set ipv4-netmask set ipv4-split-include (optional setting) set ipv4-dns-server1 (optional setting) end Step 6: Configure appropriate firewall policies using Firewall > Policy page for VPN traffic.

(End of Release Notes.)

FortiClient v4.0 MR3 Patch 3 Release Notes

Documents

Transcript of FortiClient v4.0 MR3 Patch 3 Release Notes