Forticlient is initially installed via a script like Vipre. Agent updates and def updates are handled differently. Updates are pulled from the FortiManager appliance as I previously described. Forticlient is great for remote users since all I need do is open 443 on the firewall to the appliance. I'm not having any issue with PCs in AD. These are a number of PCs in stand-alone workgroups at locations I don't manage (we have staff at locations that contract to us), so I don't have control over the security settings on those networks, so if ports are blocked, that's out of my control. Some are at locations I manage, but they are over a VPN and there might be something with the tunnels I have to consider. I don't consider Forticlient better that Vipre, just different, as it allows me to control content policies to mirror those on my firewalls. But, I have 200 or so Forticlient installations and they work fine. No upgrade issues, but the mechanism is different. And I'm tired of having this issue each time I major agent rev updates are out. Still working with support, so we'll see what happens. Tom Miller Engineer, Information Technology Hampton-Newport News Community Services Board 757-788-0528
>>> Kurt Buff <[email protected]> 12/18/2011 12:31 PM >>> On Sat, Dec 17, 2011 at 15:48, Tom Miller <[email protected]> wrote: > In terms of the update mechanism for PCs in work groups (we have 50 or so at > various locations), Vipre support instructs that the local admin,password, > and machine name be specified in a central console. I don't recall doing > this when I had SAV, and it's a pain. I did that - still no updates. I created a service account, called _vipre, and put it in an AD group called workstationAdmins. I then pushed that group to the workstations' local Administrators' groups with an additive GPO. Took about 10 minutes. > Support told me you need to be able to map a drive to \\pcname\c$, which > internally is fine with credentials, but via VPN or just remote user at > locations we don't manage, I don't see how this would work. Is this working > for you other Vipre users with stand alone PCs at remote locations? I must > be missing something. Yes, it does sound like you're missing something - control over your environment. You have responsibility with no authority. You must gain authority, or shed responsibility. > I use managed Forticlient A/V suite for most of our laptops, and I know I > don't have to configure any of this. For Forticlient, the agent just > communicates via port 80/443 to the FortiManager appliance, and the upgrades > run without issue. These are all remote PCs at sites we don't manage. I'm > about to just put Forticlient on these other PCs and be done with it and > just use Vipre for LAN/WAN sites. How is the Forticlient software installed on those machines? VIPRE communicates over ports 18082 and 18086 by default, and is installed in any of a number of ways. You can do a push deployment from the server using the console, which requires an administrator-level password in common across the machines you manage, or you can use the server console to produce a standalone package with the policy settings you've configured, which can then be installed manually or via a script or via group policy in Active Directory. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail message, including attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
