FortiClient VPN keeps on adding local firewall rules

I am not normally using FortiClient for anything, but need to use the VPN client for a specific customer. Now the VPN client tries to add local inbound firewall rules to Windows Defender Firewall and that causes problems, since we control that firewall with other software. The constant adding/disabling of rules consumes a lot of CPU on the machine. This happens even without any profile, but after profile addition there are more rules that it tries to add.

Any help on how to disable this behaviour, since those inbound rules are not necessary for anything to work, as it seems? Adding inbound openings for a VPN client which should only connect outbound is anyway a bad idea to me security-wise.

Are you using the FortiClient VPN (free version)?
Could it be that your customers’ EMS (Device management) is adding these rules, as it would on their internal computers?
If yes, check with them

Need to do that too, thanks! Apparently just the basic client adds a FortiClient console rule without any push from the customer.

You’re right. I have the same inbound rule on a test machine, a free, non-managed FortiClient VPN.
As it looks there by default, I’m not sure you can disable it somewhere during the installation.
I know it might be scary, security wise, but I’m not sure if it is that much of a risk.
* The firewall rule matches only for the process FortiClient.exe, which means that an inbound connection will only match if that software is listening on a port and the remote device initiates a connection on that specific port.
* when is FortiClient listening? Anytime, only during FortiClient VPN or EMS connectivity?
* what port is it listening on? specific port, random port?
* would it accept inbound connections from anywhere? Or maybe just the FortiGate (after VPN established) or the EMS server?
* how will the remote client/server be authenticated?

There doesn’t seem to be much info about this rule, in the docs & community, so I don’t know actually. Also getting this addressed with Fortinet support needs a paid version of FortiClient, they do not give support for the free version.

So my advice would be to make sure this firewall rule is allowed as an exception, on your PC, in a controlled way, so both solutions stop fighting about it.
Another solution would be to use a virtual machine in a more isolated environment, for the FortiClient, if you’re afraid of hacking / data leak risks. That VM would then not be able to access your company resources, so you are again more “protected”. But that might be overkill in this case…
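The open questions in the reply above (which rules FortiClient creates, whether FortiClient.exe is actually listening, on which port, and from which remote addresses the rule accepts traffic) can be answered locally instead of waiting on Fortinet support. The following PowerShell is an added example, not code from the thread or from Fortinet: it dumps every inbound Windows Defender Firewall rule whose program filter points at FortiClient.exe, lists the listening sockets owned by the running FortiClient process, and counts the firewall rule add/modify/delete audit events, which is where the "constant adding/disabling" churn shows up. The rule display names are not known from the thread, so the script matches on the program path rather than a name; the executable name FortiClient.exe is taken from the reply above.

```powershell
# Added example (not from the thread or from Fortinet). Run in an elevated PowerShell.
# Assumption: the rules' program filter ends in FortiClient.exe, as the reply states.

# 1. Inbound rules whose application filter points at FortiClient.exe,
#    with the port and remote-address scope so the "any port / anywhere?" question is answered.
function Get-FortiClientInboundRules {
    $inbound = Get-NetFirewallRule -Direction Inbound -ErrorAction Stop
    foreach ($rule in $inbound) {
        $app = $rule | Get-NetFirewallApplicationFilter
        if ($app.Program -and ($app.Program -like '*FortiClient.exe')) {
            $port = $rule | Get-NetFirewallPortFilter
            $addr = $rule | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Name          = $rule.DisplayName
                Enabled       = $rule.Enabled
                Action        = $rule.Action
                Profile       = $rule.Profile
                Program       = $app.Program
                Protocol      = $port.Protocol
                LocalPort     = ($port.LocalPort -join ',')      # "Any" means every port
                RemoteAddress = ($addr.RemoteAddress -join ',')  # "Any" means no source restriction
            }
        }
    }
}

# 2. Is FortiClient.exe listening right now, and on which ports?
#    A rule scoped to a process only matters while that process owns a listening socket.
function Get-FortiClientListeners {
    $procs = Get-Process -Name FortiClient -ErrorAction SilentlyContinue
    if (-not $procs) { return 'FortiClient.exe is not running' }
    $ids = $procs.Id
    $tcp = Get-NetTCPConnection -State Listen |
        Where-Object { $_.OwningProcess -in $ids } |
        Select-Object @{n='Proto';e={'TCP'}}, LocalAddress, LocalPort, OwningProcess
    $udp = Get-NetUDPEndpoint |
        Where-Object { $_.OwningProcess -in $ids } |
        Select-Object @{n='Proto';e={'UDP'}}, LocalAddress, LocalPort, OwningProcess
    $tcp + $udp
}

# 3. How often are rules being added/changed/deleted? The Windows Firewall operational log
#    records rule additions (2004), modifications (2005) and deletions (2006); a high count
#    over a short window is the churn the original post describes.
function Get-FirewallRuleChurn([int]$Minutes = 60) {
    $since = (Get-Date).AddMinutes(-$Minutes)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'
        Id        = 2004, 2005, 2006
        StartTime = $since
    } -ErrorAction SilentlyContinue |
        Group-Object Id |
        Select-Object @{n='EventId';e={$_.Name}}, Count
}

Get-FortiClientInboundRules | Format-Table -AutoSize
Get-FortiClientListeners    | Format-Table -AutoSize
Get-FirewallRuleChurn -Minutes 60 | Format-Table -AutoSize
```

If the first table shows LocalPort and RemoteAddress as "Any", the rule is effectively "anything may reach whatever FortiClient.exe happens to listen on", which is the worst case raised in the reply; if the second table is empty while the VPN is up, the rule is doing nothing at that moment and disabling it is unlikely to break the tunnel, although the churn counter will show whether FortiClient simply re-enables it.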

Thank you for investigating. We have a security policy that workstations cannot have anything inbound open and this would cause a policy violation, so getting it opened up as an exception is quite difficult. (Edit: clarity)