![Page 1: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/1.jpg)
Endpoint Control
![Page 2: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/2.jpg)
Module Objectives
• By the end of this module participants will be able to:• Define application detection lists to monitor
applications through FortiGate Endpoint Control
• Enforce the use of FortiClient on client computers
• Configure Endpoint Control profiles
• Define firewall policies using Endpoint Control profiles
• Configure vulnerability scanning
![Page 3: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/3.jpg)
Endpoint Control
Category: Internet browsersVendor: MicrosoftApplication: Internet ExplorerAction: Allow
Category: OfficeVendor: MicrosoftApplication: Office 2010Action: Allow
Category: Media PlayersVendor: AppleApplication: iTunesAction: Deny
Category: EmailVendor: Mozilla Corp.Application: ThunderbirdAction: Monitor
Application Detection List
![Page 4: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/4.jpg)
Endpoint Control
Category: Internet browsersVendor: MicrosoftApplication: Internet ExplorerAction: Allow
Category: OfficeVendor: MicrosoftApplication: Office 2010Action: Allow
Category: Media PlayersVendor: AppleApplication: iTunesAction: Deny
Category: EmailVendor: Mozilla Corp.Application: ThunderbirdAction: Monitor
Application Detection List
• Endpoint control can be used to enforce compliance of client software running on the client computer• Allow the application
• Bock the application
• Monitor the application
• Warn allow application but display warning
• Applications available for use in application detection lists are predefined on FortiGate unit
![Page 5: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/5.jpg)
FortiClient Compliance
FortiClient installed and enabled?
FortiClient minimum version?
AV database version?
Application signature database version?
FortiClient
![Page 6: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/6.jpg)
FortiClient Compliance
FortiClient installed and enabled?
FortiClient minimum version?
AV database version?
Application signature database version?
FortiClient
•Use of FortiClient Endpoint Control can be enforced on the network• Ensure client have most up-to-date
versions of software and signatures
![Page 7: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/7.jpg)
FortiClient Compliance
![Page 8: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/8.jpg)
Application Detection Entry
Condition:
InstalledRunningNot installedNot running
Action:
AllowBlockMonitorWarn
![Page 9: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/9.jpg)
AllowBlockMonitorWarn
Application Detection Entry
Condition:
InstalledRunningNot installedNot running
Action:
• Application detection entries define the applications to be detected and the action to be taken• Endpoint Profiles can contain multiple application entries•Optionally, specify the action to be
taken on endpoints that have applications installed that are not on the detection list
![Page 10: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/10.jpg)
Endpoint Control Profile
![Page 11: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/11.jpg)
Endpoint Control Profile
• Endpoint operations defined through Endpoint control profiles
•Define FortiClient enforcement settings
• Specify an application detection list
![Page 12: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/12.jpg)
Endpoint Control ProfileApplication Detection List
Firewall policy
Endpoint Control Profile: Endpoint_Profile_Example
![Page 13: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/13.jpg)
Endpoint Control ProfileApplication Detection List: Sample_Endpoint_List
Firewall policy
Endpoint Control Profile: Sample_Endpoint_Profile• Application Detection List applied through Endpoint profile• Profile in turn applied to firewall policy• Any traffic being examined by the
policy will have the application control operations applied to it
![Page 14: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/14.jpg)
Monitoring Endpoints
Compliant Non-Compliant
![Page 15: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/15.jpg)
Monitoring Endpoints
Compliant Non-Compliant• Endpoint Monitor displays a list of compliant and non-compliant client and server computers• Computers remain on list until FortiGate unit is restarted• Entry updated every time client or server computer attempts to access network services through the FortiGate unit
![Page 16: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/16.jpg)
Vulnerability Scanning
FortiGuard Vulnerability Compliance and Management Service
![Page 17: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/17.jpg)
Vulnerability Scanning
FortiGuard Vulnerability Compliance and Management Service
• Scan for vulnerabilities on clients and servers• Determines whether client computers
are vulnerable to attack
• FortiGuard Vulnerability Compliance and Management Service provides a database of common vulnerabilities • Kept up-to-date through a subscription
service
![Page 18: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/18.jpg)
Asset Definition
Identify individual hosts to be scanned by IP addressDiscover hosts to be scanned by identifyingan IP address range
192.168.100 - 192.168.1.254
![Page 19: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/19.jpg)
Asset Definition
Identify individual hosts to be scanned by IP addressDiscover hosts to be scanned by identifyingan IP address range
192.168.100 - 192.168.1.254
• Administrator must identify the clients and servers to include in a vulnerability scan• Identify computers to be scanned by
specific IP address
• Discover computers to be scanned by identifying a range of IP addresses
![Page 20: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/20.jpg)
Scan Schedule
![Page 21: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/21.jpg)
Scan Schedule
• Any client and server computers displayed in the asset list can be scanned regularly based on the schedule settings• Scan modes:• Full
• Standard
• Quick
![Page 22: Endpoint Control. Module Objectives By the end of this module participants will be able to: Define application detection lists to monitor applications](https://reader031.vdocument.in/reader031/viewer/2022020320/56649e4e5503460f94b45837/html5/thumbnails/22.jpg)
Student Resources
Click here to view the list of resources used in this module