Fortinet in mobile devices can view all movement on the device

Installing the fortinet vpn on iPhone/pad gave me the following messages:

All activities? If we answer “no” would it make the apps unusable? Is this a concern if we use the device for other sensitive communication like banking and remote access to other sites?
rayluvs Asked:

Jimmy Larsson, CISSP, CEH, Network and Security consultant Commented:
What they mean with the first warning is that the people that control the central device that terminates the VPN (the administrator of the Fortinet firewall) can possibly see your network traffic. Use https for further protection.

The second dialogue is a warning that the application will modify outbound emails (to protect you) and that can be visible by the recipient of your emails.

These are warning dialogues from Apple, just to keep their backs free. If you select "don't allow" the FortiClient will probably not work.
0
rayluvs Author Commented:
Thanks for the info.

We understand that when we connect to the internet, Mail, etc. with our phone, our ISP provides an IP, Gateway, etc. If we install a VPN, the apps connect to another remote network (secure connection). And that traffic is totally on a different IP, Gateway, etc.; thus, the admin of the VPN can only see traffic of the VPN, not of the ISP.

Are we correct with this? By “network traffic”, is the traffic referred to the one between what the VPN connects to? Or all data of my iPhone, including traffic of the IP provided by our ISP?
0
Jimmy Larsson, CISSP, CEH, Network and Security consultant Commented:
You are right. Just a clarification. Your ISP provides an IP, gateway and such. When you connect directly to internet your source IP will be the ISP-provided one. If you use VPN you still use that IP but only to connect to a VPN provider. That means that the VPN provider can see your real IP. If the VPN is set up as a full tunnel (everything is tunneled, which is the most common), all your traffic will go encrypted via your ISP IP to the VPN provider and out on internet from that provider.

So instead of everyone being able to see your source IP, now: 1) only your VPN provider will be able to see your source IP and 2) everyone will be able to see the VPN provider's public IP.
0


rayluvs Author Commented:
Yes, I understand that the IP value per se is seen by all. What I meant is more on the network traffic.

For example, prior to installing the Fortinet apps on the mobile device, we use the device to connect all day to different web sites, say expert-exchange (which has https). Now, I have to connect to a specific site that uses VPN of Fortinet (which they require for their security). When I install the Fortinet apps on the mobile and create the VPN connection to the site, can the admin of THAT site see the network traffic of my mobile device of sites visited, say the example of our all day connections to expert-exchange? (Hope I am transferring our concerns correctly)
0
Jimmy Larsson, CISSP, CEH, Network and Security consultant Commented:
You are not using VPN to connect to a web site. You use VPN to connect to a VPN provider. The VPN provider can see everything you do on internet (unless you use https, which will encrypt the web traffic (inside of the encrypted VPN traffic) between the browser and the web site).
0
Jimmy Larsson, CISSP, CEH, Network and Security consultant Commented:
So... if a site requires you to run Fortinet VPN client it sounds like they are *both* VPN provider as well as web service provider. In that case *they* can see everything you can do on that web site as well as the public IP you come from.
0
rayluvs Author Commented:
Forgot to mention, the site is not a VPN provider, they are one of our colleagues and want us to help them in some of their financial projects. Since they use Fortinet firewall hardware, they are inclined and require all to connect to their servers or workstations using their Fortinet VPN. Note, we used to always assist them using Teamviewer and other remote access apps, but recently they have purchased a Fortinet firewall.

The above said, and to make the question more intrusive, if we were to purchase Fortinet firewall hardware and require any users connecting to our computers using forticlient, can we see all their network traffic besides the ones connected to our computers?
0
Jimmy Larsson, CISSP, CEH, Network and Security consultant Commented:
Well, if they provide you with VPN services they are your VPN provider even though they are colleagues. What I wrote still applies. :)

To answer your last question: Yes. You will be able to see where they surf on internet. You will be able to see the content of their web traffic unless it is https. The only exception to this is if you set up your Fortinet and their clients to do "split vpn". In that case only traffic to specific servers at your sites is reachable via the vpn tunnel and they will still be able to access internet sites directly. It's a matter of design and configuration that you decide.
0
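The full-tunnel versus split-tunnel difference described in the answer above, as an added example that is not part of the original thread: a small model that routes each flow by longest-prefix match and reports what the VPN gateway operator can observe. The route tables, addresses and flow labels are constructed, and it assumes the gateway does no TLS interception.

```python
import ipaddress

# Constructed client routing tables after the VPN connects (assumed values).
FULL_TUNNEL = [("0.0.0.0/0", "vpn")]
SPLIT_TUNNEL = [("0.0.0.0/0", "isp"), ("10.20.0.0/16", "vpn")]

# Constructed flows: (label, destination IP, uses HTTPS/TLS end to end)
FLOWS = [
    ("colleague intranet app", "10.20.5.10", False),
    ("banking over https", "203.0.113.50", True),
    ("plain http site", "198.51.100.7", False),
]


def egress(routes, dst):
    """Pick the outgoing path by longest-prefix match, as an IP stack does."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(net), via) for net, via in routes
               if addr in ipaddress.ip_network(net)]
    if not matches:
        raise ValueError(f"no route to {dst}")
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def vpn_admin_view(routes, flows):
    """Map each flow to what the VPN gateway operator can observe."""
    view = {}
    for label, dst, tls in flows:
        if egress(routes, dst) != "vpn":
            view[label] = "not visible"        # leaves directly via the ISP
        elif tls:
            view[label] = "destination only"   # payload stays encrypted
        else:
            view[label] = "destination and content"
    return view


if __name__ == "__main__":
    for name, routes in (("full tunnel", FULL_TUNNEL),
                         ("split tunnel", SPLIT_TUNNEL)):
        print(name)
        for label, seen in vpn_admin_view(routes, FLOWS).items():
            print(f"  {label:24} -> {seen}")
```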
rayluvs Author Commented:
All the VPNs we have used were for Remote Desktop access. We never used a VPN ourselves to navigate or for other VPN purposes. Since the VPNs we were “required” to use were for Remote Desktop, we never thought that our non-related traffic was always exposed to the other parties.

Anyways, thank you very much for your support, super informative!
0