V7 Client Deployment
Read ALL sections of this guide BEFORE you attempt to deploy the client (V7) to your devices.
We've included a Troubleshooting Section that includes details on our Client Redirect Tool.
Smoothwall Monitor Client Log Folder Permissions
When you install a V7 client, the installation creates the this folder and all sub folders automatically:
C:\ProgramData\Smoothwall Monitor
The folder is hidden by default. The installation also assigns the MODIFY permission for any login. It must retain this.
Note: If you have any Group Policies or Security Policies that force a designated set of permissions at each subsequent restart and login, this process might overwrite those permissions. Please make sure that you update your policies accordingly.
Antivirus Software Exclusion Settings Checklist
Add these folders to your Antivirus Software exclusion list:
- C:\Program Files\Smoothwall RADAR
- C:\ProgramData\Smoothwall RADAR (hidden by default)
Add these processes to your Antivirus Software exclusion list:
- C:\Program Files\Smoothwall RADAR\fdfclient.exe
- C:\Program Files (x86)\Smoothwall RADAR
- C:\Program Files\Smoothwall RADAR\fdfserver.exe
WAN Security (Proxy/Firewall)
- Check that the correct ports and protocols are available for both the Client and the Client Update Service.
- Check that the Proxy allows the specified executable to connect from the Internet through the correct ports and that the proxy allows connections to the correct IP/dsomains. Refer to your Proxy’s documentation and/or contact the manufacturer to find out how to confirm these settings.
- Check that the perimeter firewall has exceptions for the destination URL and any specified IP Address/Domain Name values listed below.
The specific destination FQDN/IP values usually required for updating Firewall/Proxy rules are as follows:
- autoupdate.fdfhost.org (auto update service)
- s3-eu-west-1.amazonaws.com/fsl.FCclient.package.bucket (auto update download service)
- smtp.sendgrid.net (SMTP alert service)
Ports and Protocols that might require updating or adding to Firewall/Proxy rules are:
Communication | Protocol | Port |
---|---|---|
RADAR Client and RADAR Management Console | HTTPS/SSL (TCP) | 443 |
RADAR iOS Browser RADAR Management Console | HTTPS/SSL (TCP) | 443 |
RADAR Client and Auto Update Administration Service | HTTPS/SSL (TCP) | 443 |
RADAR Client and Auto Update Download Service | HTTPS/SSL (TCP) | 443 |
Between Futures Client and the Futures Cloud SMTP Service | HTTPS/SSL (TCP/UDP) | 465 |
Local Firewall
If you have a local firewall running on a device, for example, Windows Firewall, you need to allow the following client processes:
- C:\Program Files\ Smoothwall RADAR \fdfclient.exe
- C:\Program Files\ Smoothwall RADAR \fdfclient32.exe
- C:\Program Files\ Smoothwall RADAR \fdfserver.exe
V7 Client Installer MSi
- FC70017x32.protocol.FCservername@proxy_port!proxy_id#clientid.msi
- FC70017x64.protocol.FCservername@proxy_port!proxy_id#clientid.msi
The installer contains the latest V7 Client ONLY. You MUST install ALL pre-requisites and you must remove the previous version of Client software (V6 or older) before you deploy the software.
The installer is designed to be deployed to a computer manually OR via Group Policy, with the MSi assigned as a package via the Group Policy Management Editor (Computer Configuration / Policies / Software Settings /Software Installation).
Once successfully installed or assigned, you need to restart the device before the client software initiates.
Renaming a V7 Client installer MSi
Prior to deploying the Client, you MUST RENAME the V7 Client Installer MSi.
Your installation files might have been renamed for you. however, if this is not the case, follow the instructions below.
Note: If you don't use a Proxy, use a transparent Proxy and/or your existing V6 Clients are communicating with your Smoothwall Monitor SS Server and auto updating without issue, you don’t have to specify any Proxy details when renaming your MSi files. Ignore and leave them out of the renaming process. Proxy Port and Proxy IP/DNS values are usually specified in the default browser (LAN Settings).
Central (shared/hosted) Server Installations
Protocol* in use is HTTPS
For this example, the FD Server URL is: https://grangehill.fdfhost.org. The install location is Grange Hill and this site’s unique Client ID is grangehill. Therefore, the Client Installer MSi would be renamed as follows:
From | FCv70519x64.https.yoursite.fdfhost.org#clientID.msi |
---|---|
To | FCv70519x64.https.grangehill.fdfhost.org#grangehill.msi |
Note: Both 32 and 64 MSI’s need to be renamed, if in use.
Installing the V7 Client using a Command Line
You can install the V6 Client silently via a command line or command line driven deployment tool using msiexec.
msiexec /i filename.msi /quiet /qn /norestart
Central (shared/hosted) FD Server Installations
Proxy | msiexec /i FC70014x64.https.grangehill.fdfhost.org@8080!myproxyserver.org#grangehill.msI /quiet /qn /norestart |
---|---|
No Proxy | msiexec /i FC70014x64.https.grangehill.fdfhost.org#grangehill.msi /quiet /qn /norestart |
Third Party Software Installation Pre-requisites
Microsoft’s Visual C++ Redistributable for Visual Studio 2017
You must have the Microsoft Visual C++ 2017 redistributable installed on all target machines.
CPP-2017-Bundle-setup32.msi
You can use a Smoothwall Monitor SS provided MSi installer, which contains the Microsoft redistributable installer (vc.redist.x86.exe) via GPO or manually.
CPP-2017-Bundle-setup64.msi
You can use a Smoothwall Monitor SS provided MSi installer, which contains the Microsoft redistributable installers (vc.redist.x86.exe and vc.redist.x64.exe) via GPO or manually.
vc.redist.x86.exe and vc.redist.x64exe
The Microsoft redistributable installers, which you can use for manual installs. Please note that both the x86 AND x64 installers need applying on a 64-bit machine (operating system).
Microsoft Internet Explorer (IE Browser)
The IE Browser is provided with the Microsoft Operating System and provides certain aspects of Smoothwall Monitor SS client functionality. The IE Browser must remain installed, however, it doesn’t need to be available for general use.
Troubleshooting – Post Installation
Client Not Communicating with the Monitor SS Server
If, after installation, you discover a machine that isn’t visible in the FC Console, you might see the machine but no capture and/or web logs.
Firstly, check for Server URL errors in the following log file: c:\programdata\Smoothwall RADAR\logs\server.txt
If you find an error, please check that you have applied the required exclusions as specified in the WAN Security (Proxy/Firewall) section of this install guide.
Also, please check your MSi name to check it is correctly spelt and formatted etc.
If you find no errors in the monitor.log file, please refer to the “No AUP Displaying, Capture and/or Web Logs Not Displaying” items in this section.
If the machine still does not appear to be communicating correctly, please contact us (support@smoothwall.net) advising:
- Operating System (For example: Windows 8.1 64 bit)
- Smoothwall Monitor SS Client install MSi name in full that you used
- Brief details of the issue
Please also ensure that you zip and attach the following Futures Cloud client log folders:
- C:\programdata\Smoothwall RADAR (hidden by default)
No AUP Displaying, Capture and/or Web Logs Not Displaying
If you’re not seeing an AUP displayed or logs in the Console, check that all the client processes are running.
In Task Manager, ensure that Show processes from all users is selected and check that following processes are running:
- FDFclient.exe
- FDFclient32.exe
- FDFsever.exe
If any of the above processes are not running, please contact us at supportinfo@smoothwall.net.
Tools and Fixes
- Client Redirect Tool
Note: This tool is for V6 or V7 Client Versions.
Usage Guideline
This tool is used to point the client to a designated Smoothwall Monitor SS Server and/or to resolve Client auto-update issues. For example, if an error is made naming your client MSi file prior to deployment, you can run this tool to correct that error. Also, you can use the tool if you discover that clients are not auto-updating. If you need to migrate installed clients to a newly designated Smoothwall Monitor SS Server, you can also use the tool to do this too.
This tool and instructions are included as part of the v7 Client Suite.