{"id":48,"date":"2020-03-23T20:32:13","date_gmt":"2020-03-23T19:32:13","guid":{"rendered":"https:\/\/whatifsecu.tech\/?p=48"},"modified":"2020-03-23T20:32:13","modified_gmt":"2020-03-23T19:32:13","slug":"optimiser-le-teletravail-via-fortinet-forticlient-ssl-vpn","status":"publish","type":"post","link":"https:\/\/whatifsecu.tech\/?p=48","title":{"rendered":"Optimiser le t\u00e9l\u00e9travail via Fortinet FortiClient SSL VPN"},"content":{"rendered":"\n<p>En cette p\u00e9riode difficile de CoronaVirus, une augmentation significative s&#8217;op\u00e8re sur les acc\u00e8s <strong>vpn pour les t\u00e9l\u00e9travailleurs<\/strong>.<\/p>\n\n\n\n<p>La m\u00e9thode de licensing n\u2019\u00e9tant pas \u00e9vidente, je pense qu\u2019il est bon de r\u00e9capituler les diff\u00e9rents scenarii possibles.<\/p>\n\n\n\n<p>Durant les 5-6 derni\u00e8res ann\u00e9es, Fortinet a apport\u00e9 de\nnombreuses \u00e9volutions sur les fonctionnalit\u00e9s du forticlient.<\/p>\n\n\n\n<p>Au cours de la m\u00eame p\u00e9riode, le licensing du forticlient est devenu bien plus compliqu\u00e9 aussi. Voila de quoi cerner le besoin des partenaires\/clients et leur proposer les bonnes solutions.<\/p>\n\n\n\n<p><strong>Voici les questions \u00e0 se poser\u00a0: <\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>La version du Fortigate\u00a0?<ul><li>5.6<\/li><li>6.0<\/li><li>6.2<\/li><\/ul><\/li><li>Le nombre d&#8217;utilisateurs existants\u00a0? futurs ?<\/li><li>Les fonctionnalit\u00e9s souhait\u00e9s<ul><li>VPN uniquement<\/li><li>V\u00e9rification des postes       de travails (host check)<\/li><li>Conformit\u00e9 (compliance)<\/li><li>Protection du poste       (Endpoint protection : AntiVirus, Anti-Exploit, Web Filtering, Application Firewall)<\/li><li>Management centralis\u00e9 des endpoints<\/li><\/ul><\/li><\/ul>\n\n\n\n<p><strong>1<sup>er<\/sup>\ncas&nbsp;(Acc\u00e8s VPN Uniquement &nbsp;(version &lt; 6.2)) : <\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Le\n     Fortigate est en version <strong>5.6, 6.0 <\/strong>et\n     le client souhaite fournir <strong>un acc\u00e8s vpn<\/strong> pour <strong>30 de\n     ses collaborateurs<\/strong>.<\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>La partie VPN est inclus au boitier<\/strong>. Aucune licence est\n     n\u00e9cessaire afin de fournir un acc\u00e8s remote.<\/li><li>Installation du\n     forticlient via le lien suivant&nbsp;: <a href=\"https:\/\/filestore.fortinet.com\/forticlient\/downloads\/FortiClientOnlineInstaller_6.0.exe\">Forticlient<\/a><a href=\"https:\/\/filestore.fortinet.com\/forticlient\/downloads\/FortiClientOnlineInstaller_6.0.exe\">\n     6.0.x \u2013 Windows<\/a><\/li><\/ul>\n\n\n\n<p><strong>Cependant&nbsp;:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Pas de Management\n     centralis\u00e9<\/strong><\/li><li>Afin d\u2019\u00e9viter tout\n     blocage nous conseillons de <a href=\"https:\/\/kb.fortinet.com\/kb\/documentLink.do?externalID=FD40518\">d\u00e9sactiver\n     la partie t\u00e9l\u00e9m\u00e9trie et l\u2019enregistrement des postes.<\/a><\/li><\/ul>\n\n\n\n<p><strong>2\u00e8me\ncas&nbsp;(Acc\u00e8s VPN Uniquement (version 6.2)): <\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Le\n     Fortigate est en version <strong>6.2<\/strong> et le client souhaite fournir <strong>un acc\u00e8s vpn<\/strong> pour\n     <strong>30 de ses collaborateurs<\/strong>.<\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>La partie\n     VPN Only est comme dans les anciennes versions, Inclus au boitier<\/strong>. Aucune licence est\n     n\u00e9cessaire si le besoin concerne uniquement un acc\u00e8s remote.<\/li><li>Installation du <a href=\"https:\/\/filestore.fortinet.com\/forticlient\/downloads\/FortiClientVPNOnlineInstaller_6.2.exe\">forticlient\n     VPN Only<\/a><\/li><\/ul>\n\n\n\n<p><strong>Cependant&nbsp;:\n<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>Pas de\n     management centralis\u00e9<\/strong><strong><\/strong><\/li><li>Des fonctionnalit\u00e9s VPN\n     r\u00e9duite au stricte minimum (<strong>pas d\u2019IKEv2,\n     pas d\u2019autoconnections, pas de host check, pas de compliance<\/strong>)<\/li><li><strong>Pas de support<\/strong><\/li><\/ul>\n\n\n\n<p><strong>3\u00e8me cas\n(Acc\u00e8s VPN et v\u00e9rification des postes ( version &lt;6.2)<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Le\n     Fortigate est en version <strong>5.6, 6.0 <\/strong>et\n     le client souhaite fournir <strong>un acc\u00e8s vpn<\/strong> pour <strong>50 de\n     ses collaborateurs <\/strong>tout en gardant<strong>\n     un<\/strong><strong> contr\u00f4le des postes se\n     connectant en VPN.<\/strong><\/li><li>Dans ce cas-l\u00e0 la\n     licence t\u00e9l\u00e9m\u00e9trie est n\u00e9cessaire &nbsp;<strong>(vendu\n     par pack de 100)<\/strong> <strong>( x2 si c\u2019est\n     un cluster)<\/strong>&nbsp;:<\/li><\/ul>\n\n\n\n<table class=\"wp-block-table\"><tbody><tr><td>\n  FC1-10-C1100-151-02-DD\n  <\/td><td>\n  <strong>FortiClient<\/strong> Endpoint <strong>Telemetry<\/strong> &amp; Compliance\n  License subscription for <strong>100 clients<\/strong>. Includes 24&#215;7 support. <br>\n  Note1: Compatible with FortiOS <strong>5.6 and 6.0\n  only<\/strong>; <br>\n  Note2: Refer to the FortiGate documentation for platform restriction and\n  maximum license limit.\n  <\/td><td>\n  \u20ac&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\n  &nbsp;&nbsp;&nbsp;300 \/year \n  <\/td><\/tr><\/tbody><\/table>\n\n\n\n<p><strong>Cependant&nbsp;:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Pas de management\n     centralis\u00e9 (n\u00e9cessite en plus la SKU&nbsp;: FC1-15-EMS01-158-02-DD)<\/li><\/ul>\n\n\n\n<p><strong>4\u00e8me cas\n(acc\u00e8s VPN et s\u00e9curisation des postes (version 6.2)<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Le\n     fortigate est en version 6.2 et le client souhaite fournir <strong>un acc\u00e8s vpn<\/strong> pour\n     <strong>50 de ses collaborateurs <\/strong>tout en <strong>s\u00e9curisant\n     les postes des t\u00e9l\u00e9travailleurs.<\/strong><\/li><li>Dans ce cas-l\u00e0, la\n     licence suivante est n\u00e9cessaire deux fois <strong>(vendu\n     par pack de 25)<\/strong><\/li><\/ul>\n\n\n\n<table class=\"wp-block-table\"><tbody><tr><td>\n  FC1-15-EMS01-297-02-DD\n  <\/td><td>\n  <strong>FortiClient\n  <\/strong>Security Fabric\n  Agent with EPP license subscription for <strong>25 endpoints<\/strong>. Includes Fabric\n  &amp; <strong>Telemetry<\/strong> &nbsp;Agent, Anti-Malware, Remote Access, Web Filter,\n  Vulnerability Scan, Software Inventory, Application Firewall, SSOMA, Threat\n  Outbreak Detection, Sandbox Agent (On-Prem), Central Management and 24&#215;7\n  Support.\n  <\/td><td>\n  \u20ac&nbsp;&nbsp;\n  &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;250 \/year\n  <\/td><\/tr><\/tbody><\/table>\n\n\n\n<p><strong>Avantage&nbsp;:<\/strong><\/p>\n\n\n\n<p>Le client disposera de l\u2019ensemble\ndes fonctionnalit\u00e9s disponible sur la partie forticlient&nbsp;(sauf sandbox cloud, dans ce cas pr\u00e9f\u00e9rez la sku&nbsp;:\nFC1-15-EMS01-299-02-DD) :<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Management centralis\u00e9<\/li><li>Protection des postes\n     (Antivirus, Filtrage Web, Vuln\u00e9rabilit\u00e9)<\/li><li>V\u00e9rifications des postes<\/li><li>Support<\/li><\/ul>\n\n\n\n<p><strong>Upgrade\net renew<\/strong><\/p>\n\n\n\n<p>Si le client a <strong>l\u2019intention de\nfaire une upgrade<\/strong> vers la version\nFortiOS 6.2 dans les 12 prochains mois, il faut faire un <strong>COTERM<\/strong> (et nous\ndemander le d\u00e9tail)<\/p>\n\n\n\n<p>Si le client a d\u00e9j\u00e0 des licences Telemetry (sans compter les\n10 prem\u00e8res gratuites) et qu\u2019il souhaite donc <strong>augmenter\nl\u2019existant<\/strong> (diff\u00e9rent de 10), il faut faire un <strong>COTERM<\/strong> (et nous\ndemander le d\u00e9tail)<\/p>\n\n\n\n<p><strong>Pour tout\nle reste\u2026.<\/strong><\/p>\n\n\n\n<p>Pour plus d\u2019information, on vous r\u00e9-invite \u00e0 regarder la\nvid\u00e9o et le powerpoint ici&nbsp;: <a href=\"https:\/\/www.exclusive-networks.com\/fr\/fortinet-smb-a-propos\/solutions-fortinet-pour-le-teletravail\/\">https:\/\/www.exclusive-networks.com\/fr\/fortinet-smb-a-propos\/solutions-fortinet-pour-le-teletravail\/<\/a><\/p>\n\n\n\n<p>N\u2019h\u00e9sitez pas \u00e9galement \u00e0 revenir vers nous via l\u2019alias <a href=\"mailto:se_fortinet_fr@exclusive-networks.com\">@FR Fortinet SE<\/a>\nen cas de besoin.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>En cette p\u00e9riode difficile de CoronaVirus, une augmentation significative s&#8217;op\u00e8re sur les acc\u00e8s vpn pour les t\u00e9l\u00e9travailleurs. La m\u00e9thode de licensing n\u2019\u00e9tant pas \u00e9vidente, je pense qu\u2019il est bon de r\u00e9capituler les diff\u00e9rents scenarii possibles. Durant les 5-6 derni\u00e8res ann\u00e9es,&hellip; <a href=\"https:\/\/whatifsecu.tech\/?p=48\" class=\"more-link\">Continue Reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-48","post","type-post","status-publish","format-standard","hentry","category-non-classe"],"_links":{"self":[{"href":"https:\/\/whatifsecu.tech\/index.php?rest_route=\/wp\/v2\/posts\/48","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/whatifsecu.tech\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/whatifsecu.tech\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/whatifsecu.tech\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/whatifsecu.tech\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=48"}],"version-history":[{"count":1,"href":"https:\/\/whatifsecu.tech\/index.php?rest_route=\/wp\/v2\/posts\/48\/revisions"}],"predecessor-version":[{"id":49,"href":"https:\/\/whatifsecu.tech\/index.php?rest_route=\/wp\/v2\/posts\/48\/revisions\/49"}],"wp:attachment":[{"href":"https:\/\/whatifsecu.tech\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=48"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/whatifsecu.tech\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=48"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/whatifsecu.tech\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=48"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}