Fortinet black logo

Administration Guide

FortiClient support and ADOMs

FortiClient support and ADOMs

FortiClient logs are stored in the device that the FortiClient endpoint is registered to.

For example, when endpoints are registered to a FortiGate device, FortiClient logs are viewed on the FortiGate device. When endpoints are registered to a FortiClient EMS, FortiClient logs are viewed in the FortiClient ADOM that the FortiClient EMS device is added to.

ADOMs must be enabled to support FortiClient EMS devices.

Merge FortiAnalyzer Logging Support for FortiClient EMS for Chromebooks

  1. Add http-logging and https-logging to the allowaccess list using the following CLI command:

    config system interface

    edit "port1"

    set allowaccess https ssh http http-logging https-logging

    next

    end

  2. Add SSL certificate to enable communication.

    An SSL certificate is required to support communication and send logs between FortiClient Web Filter extension and FortiAnalyzer. If you use a public SSL certificate, you only need to add the public SSL certificate to FortiAnalyzer.

    However, if you prefer to use a certificate that is not from a common CA, you must add the SSL certificate to FortiAnalyzer, and you must push the root CA of your certificate to the Google Chromebooks. Otherwise, the HTTPS connection between the FortiClient EMS Chromebook Web Filter extension and FortiAnalyzer will not work. The common name of the certificate must be the FortiAnalyzer IP address.

    1. In FortiAnalyzer, go to System Settings > Certificates > Local Certificates.
    2. Click Import. The Import Local Certificate dialog box appears.
    3. In the Type list, select Certificate. Or,

      In the Type list, select PKCS#12 Certificate to upload the certificate in PK12 format.

    4. Beside the Certificate File field, click Browse to select the certificate.
    5. Enter the password and certificate name.
    6. Click OK.
  3. Select certificates for HTTPS connections:
    1. In FortiAnalyzer, go to System Settings > Admin > Admin Settings.
    2. In the HTTPS & Web Service Certificate box, select the certificate you want to use for HTTPS connections, and click Apply.
  4. Enable the FortiClient ADOM using the following CLI command:

    conf sys global

    set adom-status enable

    end

  5. Add FortiClient EMS for Chromebooks as a device to the FortiClient ADOM:

    Go to Device Manager > click the + Add Device button to add FortiClient EMS for Chromebooks as a FortiClient ADOM device.

  6. Enable logging in FortiClient EMS for Chromebooks:

    You will need to enable logging in FortiClient EMS for Chromebooks, see the FortiClient EMS for Chromebooks Administration Guide for more information.

FortiClient support and ADOMs

FortiClient logs are stored in the device that the FortiClient endpoint is registered to.

For example, when endpoints are registered to a FortiGate device, FortiClient logs are viewed on the FortiGate device. When endpoints are registered to a FortiClient EMS, FortiClient logs are viewed in the FortiClient ADOM that the FortiClient EMS device is added to.

ADOMs must be enabled to support FortiClient EMS devices.

Merge FortiAnalyzer Logging Support for FortiClient EMS for Chromebooks

  1. Add http-logging and https-logging to the allowaccess list using the following CLI command:

    config system interface

    edit "port1"

    set allowaccess https ssh http http-logging https-logging

    next

    end

  2. Add SSL certificate to enable communication.

    An SSL certificate is required to support communication and send logs between FortiClient Web Filter extension and FortiAnalyzer. If you use a public SSL certificate, you only need to add the public SSL certificate to FortiAnalyzer.

    However, if you prefer to use a certificate that is not from a common CA, you must add the SSL certificate to FortiAnalyzer, and you must push the root CA of your certificate to the Google Chromebooks. Otherwise, the HTTPS connection between the FortiClient EMS Chromebook Web Filter extension and FortiAnalyzer will not work. The common name of the certificate must be the FortiAnalyzer IP address.

    1. In FortiAnalyzer, go to System Settings > Certificates > Local Certificates.
    2. Click Import. The Import Local Certificate dialog box appears.
    3. In the Type list, select Certificate. Or,

      In the Type list, select PKCS#12 Certificate to upload the certificate in PK12 format.

    4. Beside the Certificate File field, click Browse to select the certificate.
    5. Enter the password and certificate name.
    6. Click OK.
  3. Select certificates for HTTPS connections:
    1. In FortiAnalyzer, go to System Settings > Admin > Admin Settings.
    2. In the HTTPS & Web Service Certificate box, select the certificate you want to use for HTTPS connections, and click Apply.
  4. Enable the FortiClient ADOM using the following CLI command:

    conf sys global

    set adom-status enable

    end

  5. Add FortiClient EMS for Chromebooks as a device to the FortiClient ADOM:

    Go to Device Manager > click the + Add Device button to add FortiClient EMS for Chromebooks as a FortiClient ADOM device.

  6. Enable logging in FortiClient EMS for Chromebooks:

    You will need to enable logging in FortiClient EMS for Chromebooks, see the FortiClient EMS for Chromebooks Administration Guide for more information.