Fortinet - Home office with FortiClient and FortiGate

The correct handling of the new type of corona virus (COVID-19) has been a constant preoccupation of politicians, business and society worldwide in recent weeks. Die Schulen bleiben in vielen Bundesländern vorerst bis zu den Osterferien geschlossen, Bayern verhängt gar ein Verbot für jegliche Besuche in Alten- und Pflegeheimen. But many companies also see themselves obliged to offer their employees possibilities to reduce the risk of infection.

In this context, the topic of "home office" is increasingly being discussed, so that everyday business does not come to a complete standstill despite the absence of the employees. The big problem is that devices are set up outside the company and connected to the company network. This increases the attack surface for cyber criminals.

Basically, it is necessary to establish a secure connection between employees and the company network. Here, the manufacturer Fortinet offers an elegant solution: the basic functionality of every FortiGate includes the connection of external end devices with the help of the FortiClient. No additional licence needs to be purchased for this - the only bottleneck is the throughput rate of the respective FortiGate or the company's Internet connection.

However, it must be noted that the FortiClient can only establish a software-supported VPN connection for an end device. If, for example, a VoIP telephone system is also to be connected in addition to the end device, a hardware-supported VPN must be set up with a second FortiGate.

The FortiClient can establish an encrypted connection with the FortiGate using both SSL and IPSec. A hardware-based connection from FortiGate to FortiGate is realised exclusively with IPSec.

In both cases, a VPN connection should always be additionally protected by two-factor authentication. Here, too, Fortinet offers a simple solution with the FortiToken. Here, too, FortiTokens can be used both as hardware and software tokens for Android and iOS. Moreover, FortiTokens do not have to be subsequently licensed.

If even more security is desired, the functionality of the FortiClient can be extended by a whole arsenal of security features. For example, it can be checked whether the end device meets the applicable IT security compliance guidelines, or the FortiClient can be used as a fully-fledged endpoint protection.

If you are interested or have any questions about the IT security solutions presented here, please feel free to contact us, as always, by phone at +49 228 333 888 9 0 or by e-mail at info@enbitcon.de.

We will be happy to advise you!