Fortinet black logo

Use FortiClient Configurator Tool tool for Windows

Copy Link
Copy Doc ID 5fd1448b-bc4e-11e8-8784-00505692583a:823336
Download PDF

Using FortiClient Configurator Tool for Windows

Windows has a hard limit of 260 characters on file path length. It is recommended to run the FortiClient Configurator Tool in a shallow directory structure, such as c:\temp\, to avoid hitting the hard limit.
To create a custom FortiClient installation file:
  1. Double-click the FortiClientConfigurator.exe application file to launch the tool. The Configuration File page displays with the following options.
  2. Select Config File (optional)

    Select a FortiClient configuration file (.conf, .sconf) to include in the installer file.

    Password

    If the FortiClient configuration file is encrypted (.sconf), enter the password used to encrypt the file.

    FortiClient Telemetry Gateway IP List (optional)

    Select a FortiClient Telemetry gateway IP list to include in the installer file.

    Locate and select the FortiClient configuration file on your management computer, and click Next. If you do not want to include settings from a configuration file, click Skip to continue. The Settings page displays.

    The following options are available for custom installations:

    Features to Install

    Security Fabric Agent

    Selected by default to support Fortinet Security Fabric. FortiClient Telemetry is always installed to support integration of FortiClient into the Security Fabric as follows:

    • Participate in compliance
    • Send user ID, avatar, and email address to FortiGate
    • Be managed by EMS

    Along with the Vulnerability Scan component (also included in this agent), this provides the Security Fabric administrators an overview of the endpoint state.

    Clear the checkbox to exclude the Compliance and Vulnerability Scan tabs from the FortiClient installation file.

    Secure Remote Access

    Select to include SSL and IPsec VPN modules in the FortiClient installation file.

    Advanced Persistent Threat (APT) Components

    Select to include FortiSandbox detection and quarantine modules in the FortiClient installation file.

    Additional Security Features

    Select to include one or more of the following modules in the FortiClient installation file:

    • AntiVirus
    • Web Filtering
    • Single Sign On
    • Application Firewall

    Options

    Desktop Shortcut

    Select to create a FortiClient desktop icon on the endpoint.

    Start Menu

    Select to add FortiClient to the start menu on the endpoint.

    Enable Software Update

    Select to enable FortiClient software updates via FortiGuard Distribution Network on endpoints.

    Configure Single Sign-On mobility agent

    Select to configure Singe Sign-On mobility agent for use with FortiAuthenticator. You must select the Single Sign On checkbox in the Features to Install area first.

  3. Select the features to install and options, and click Next to continue.
  4. If you selected the Configure Single Sign-On mobility agent checkbox, the Single Sign-On Mobility Agent Settings page displays.

  5. Configure the following settings:
  6. Server IP/FQDN

    Enter the FortiAuthenticator server's IP address or FQDN.

    Port number

    Enter the port number. The default port is 8001.

    Pre-Shared Key

    Enter the FortiAuthenticator pre-shared key.

    Confirm Pre-Shared Key

    Enter the FortiAuthenticator pre-shared key confirmation.

  7. Click Next to continue. The Package Signing page displays.
  8. Configure the following settings:
  9. Select Code Signing Certificate (optional)

    If you have a code signing certificate, you can use it to digitally sign the installer package this tool generates.

    Password

    If the certificate file is password protected, enter the password.

  10. (Optional) Browse and select the code signing certificate on your management computer. If you do not want to digitally sign the installer package, select Skip to continue. The Execution page displays.
  11. This page provides details of the installer file creation and the location of files for Active Directory deployment and manual distribution. The tool creates files for both 32-bit (x86) and 64-bit (x64) operating systems.

  12. When you click Finish, the folder containing the newly created MSI file will open when the Browse to installation files upon exit checkbox is selected.
  13. Before deploying the custom MSI files, it is recommended that you test the packages to confirm that they install correctly. An .exe installation file is created for manual distribution.
    Installation files are organized in folders within the folder where you placed the .exe file for the FortiClient Configurator Tool. Folder names identify the type of installation files that were created and the creation date.

Using FortiClient Configurator Tool for Windows

Windows has a hard limit of 260 characters on file path length. It is recommended to run the FortiClient Configurator Tool in a shallow directory structure, such as c:\temp\, to avoid hitting the hard limit.
To create a custom FortiClient installation file:
  1. Double-click the FortiClientConfigurator.exe application file to launch the tool. The Configuration File page displays with the following options.
  2. Select Config File (optional)

    Select a FortiClient configuration file (.conf, .sconf) to include in the installer file.

    Password

    If the FortiClient configuration file is encrypted (.sconf), enter the password used to encrypt the file.

    FortiClient Telemetry Gateway IP List (optional)

    Select a FortiClient Telemetry gateway IP list to include in the installer file.

    Locate and select the FortiClient configuration file on your management computer, and click Next. If you do not want to include settings from a configuration file, click Skip to continue. The Settings page displays.

    The following options are available for custom installations:

    Features to Install

    Security Fabric Agent

    Selected by default to support Fortinet Security Fabric. FortiClient Telemetry is always installed to support integration of FortiClient into the Security Fabric as follows:

    • Participate in compliance
    • Send user ID, avatar, and email address to FortiGate
    • Be managed by EMS

    Along with the Vulnerability Scan component (also included in this agent), this provides the Security Fabric administrators an overview of the endpoint state.

    Clear the checkbox to exclude the Compliance and Vulnerability Scan tabs from the FortiClient installation file.

    Secure Remote Access

    Select to include SSL and IPsec VPN modules in the FortiClient installation file.

    Advanced Persistent Threat (APT) Components

    Select to include FortiSandbox detection and quarantine modules in the FortiClient installation file.

    Additional Security Features

    Select to include one or more of the following modules in the FortiClient installation file:

    • AntiVirus
    • Web Filtering
    • Single Sign On
    • Application Firewall

    Options

    Desktop Shortcut

    Select to create a FortiClient desktop icon on the endpoint.

    Start Menu

    Select to add FortiClient to the start menu on the endpoint.

    Enable Software Update

    Select to enable FortiClient software updates via FortiGuard Distribution Network on endpoints.

    Configure Single Sign-On mobility agent

    Select to configure Singe Sign-On mobility agent for use with FortiAuthenticator. You must select the Single Sign On checkbox in the Features to Install area first.

  3. Select the features to install and options, and click Next to continue.
  4. If you selected the Configure Single Sign-On mobility agent checkbox, the Single Sign-On Mobility Agent Settings page displays.

  5. Configure the following settings:
  6. Server IP/FQDN

    Enter the FortiAuthenticator server's IP address or FQDN.

    Port number

    Enter the port number. The default port is 8001.

    Pre-Shared Key

    Enter the FortiAuthenticator pre-shared key.

    Confirm Pre-Shared Key

    Enter the FortiAuthenticator pre-shared key confirmation.

  7. Click Next to continue. The Package Signing page displays.
  8. Configure the following settings:
  9. Select Code Signing Certificate (optional)

    If you have a code signing certificate, you can use it to digitally sign the installer package this tool generates.

    Password

    If the certificate file is password protected, enter the password.

  10. (Optional) Browse and select the code signing certificate on your management computer. If you do not want to digitally sign the installer package, select Skip to continue. The Execution page displays.
  11. This page provides details of the installer file creation and the location of files for Active Directory deployment and manual distribution. The tool creates files for both 32-bit (x86) and 64-bit (x64) operating systems.

  12. When you click Finish, the folder containing the newly created MSI file will open when the Browse to installation files upon exit checkbox is selected.
  13. Before deploying the custom MSI files, it is recommended that you test the packages to confirm that they install correctly. An .exe installation file is created for manual distribution.
    Installation files are organized in folders within the folder where you placed the .exe file for the FortiClient Configurator Tool. Folder names identify the type of installation files that were created and the creation date.