Fortinet black logo

EMS Administration Guide

System Settings

System Settings

The majority of these configuration options are only available for Windows, Mac, and Linux profiles. Options available for Chromebook profiles, such as Upload Logs to FortiAnalyzer/FortiManager, are indicated as such in the table below.

Some options are only available when Advanced view is enabled.

Configuration

Description

UI

Specify how the FortiClient user interface appears when installed on endpoints.

Show Dashboard Banner

Enable the dashboard banner.

Password Lock Configuration

Turn on the password lock for FortiClient.

Password

Type a password.

Do Not Allow User to Back Up Configuration

Enable to not allow users to back up configuration.

Hide System Tray Icon

Enable to hide the system tray icon.

Culture Code

Configure the culture code. Select one of the following:

  • os-default
  • zh-tw
  • cs-cz
  • de-de
  • en-us
  • fr-fr
  • hu-hu
  • ru-ru
  • ja-jp
  • ko-kr
  • pt-br
  • sk-sk
  • es-es
  • zh-cn
  • et-ee
  • lv-lv
  • lt-lt
  • fi-fi
  • sv-se
  • da-dk
  • pl-pl
  • nb-no

Log

Specify FortiClient log settings.

Level

This option is available for Chromebook profiles. Select one of the following:

  • Disabled
  • Emergency: The system becomes unstable.
  • Alert: Immediate action is required.
  • Critical: Functionality is affected.
  • Error: An error condition exists and functionality could be affected.
  • Warning: Functionality could be affected.
  • Notice: Information about normal events.
  • Info: General information about system operations.
  • Debug: Debug FortiClient.

Features

Enable any or all of the following:

  • AntiVirus
  • Application Firewall
  • Telemetry
  • FSSOMA
  • Proxy
  • IPsec VPN
  • SSL VPN
  • Update
  • Vulnerability
  • Web Filter
  • Sandbox

Client-Based Logging When On-Net

Turn on client-based logging when onnet. For information about the onnet feature, see the FortiClient Administration Guide.

Upload Logs to FortiAnalyzer/FortiManager

This option and all nested options are available for Chromebook profiles. Turn on to upload FortiClient logs to the FortiAnalyzer or FortiManager device at the specified address or hostname.

Upload Traffic Logs

Enable to upload traffic logs.

Upload Vulnerability Logs

Enable to upload vulnerability logs.

Upload Event Logs

Enable to upload event logs.

IP Address/Hostname

Enter the IP address or hostname/FQDN. With Chromebook profiles, when connecting to FortiAnalyzer 5.6+, use the format https://FAZ-IP:port/logging. Otherwise, use the format https://FAZ-IP/jsonrpc/fazapi/logs.

SSL Enabled

Enable SSL.

Upload Schedule (minutes)

Configure the upload schedule in minutes.

Log Generation Timeout (seconds)

Configure the log generation timeout in seconds.

Log Retention (days)

Configure the duration of time to retain logs in days.

Compress Logs

Enable to compress logs.

Proxy

Use Proxy for Updates

Enable to use proxy for updates.

Connect to FDN Directly If Proxy Is Offline

Enable to connect to FDN directly if proxy is offline.

Use Proxy for Virus Submission

Enable to use proxy for virus submission.

Type

Configure the type. Options include:

  • http
  • socks4
  • socks5

IP Address/Hostname

Enter IP address/hostname.

Port

Enter the port number.

Username

Enter the username.

Password

Enter the password. Enable Show Password to show the password in plain text.

Update

Specify whether to use FortiManager or Micro-FortiGuard Server for FortiClient to update FortiClient on endpoints

Use FortiManager for Client Software/Signature Update

Turn on to enable FortiClient EMS to obtain antivirus signatures and software updates from the FortiManager or Micro-FortiGuard Server for FortiClient device at the specified IP address or hostname.

IP Address/Hostname

Enter the IP address/hostname.

Port

Enter the port number.

Failover Port

Enter the failover port.

Timeout

Enter the timeout interval.

Failover to FDN When FortiManager Is Not Available

Enable failover to FDN when FortiManager or Micro-FortiGuard Server for FortiClient is not available.

Auto Patch

Enable auto patch.

Update Action

Select one of the following:

  • Notify Only

    The Update Action will be set to Disabled. The Advanced XML configuration should be:

    <update_action>disable</update_action>

  • Download And Install
  • Download Only

Scheduled Updates

Enable to configure the update schedule.

Schedule Type

Select Interval or Daily for your schedule time.

Update Every

Configure the interval.

FortiProxy

Enable FortiProxy (disable only when troubleshooting). You must enable FortiProxy to use the Web Filter options as well as some AntiVirus options.

HTTPS Proxy

Enable HTTPS proxy.

HTTP Timeout

Enter the HTTP timeout interval.

POP3 Client Comforting

Enable POP3 client comforting.

POP3 Server Comforting

Enable POP3 server comforting.

SMTP Client Comforting

Enable SMTP.

Self Test

Enable Self Test. You have the option to Notify the Last Port.

Notify

Enable Notify and enter the last port.

Last Port

Last port number.

Endpoint Control

Specify settings for the endpoints.

Show Bubble Notifications

Enable to show bubble notifications.

Show Profile Details

Enable to show profile details.

Silent Registration

Turn on to enable silent connection of endpoints, which means that endpoints are connected without user interaction. Turn off to require user interaction to connect endpoints.

Log off When User Logs Out of Windows

Turn on to log off FortiClient when the endpoint user logs out of Windows. Turn off to remain logged in.

Disable Unregister

Turn on to forbid users from disconnecting FortiClient from FortiClient EMS. Turn off to allow users to disconnect FortiClient from FortiClient EMS.

Disable FortiGate Switch

Enable to disable FortiGate switch.

Hide Compliance Enforcement Feature Message from Compliance Tab

Enable to hide the compliance encoforcement feature message from the Compliance & Telemetry tab. This option is only enforced on FortiClients connected to FortiClient EMS. This option does not apply to monitored clients.

On-Net Subnets

Turn on to enable on-net subnets.

For details on how FortiClient determines on-net/off-net status, see the FortiClient Administration Guide.

IP Addresses/Subnet Masks

Enter IP addresses/subnet mask to connect to onnet subnets.

Gateway MAC Address

Enable gateway MAC address.

MAC Addresses

Enter MAC addresses.

Other

Install CA Certificate on Client

Turn on to select and install a CA certificate on the FortiClient endpoint.

You can add certificates by going to Administration > CA Certificate Management.

FortiClient Single Sign-On Mobility Agent

Select to enable Single Sign-On Mobility Agent for FortiAuthenticator. To use this feature you need to apply a FortiClient SSO mobility agent license to your FortiAuthenticator device.

IP Address/Hostname

Enter the FortiAuthenticator IP address or hostname.

Port

Enter the port number.

Pre-Shared Key

Enter the pre-shared key. The pre-shared key should match the key configured on your FortiAuthenticator device.

iOS

Distribute Configuration Profile

Enable and browse for your .mobileconfig file to distribute the configuration profile.

System Settings

The majority of these configuration options are only available for Windows, Mac, and Linux profiles. Options available for Chromebook profiles, such as Upload Logs to FortiAnalyzer/FortiManager, are indicated as such in the table below.

Some options are only available when Advanced view is enabled.

Configuration

Description

UI

Specify how the FortiClient user interface appears when installed on endpoints.

Show Dashboard Banner

Enable the dashboard banner.

Password Lock Configuration

Turn on the password lock for FortiClient.

Password

Type a password.

Do Not Allow User to Back Up Configuration

Enable to not allow users to back up configuration.

Hide System Tray Icon

Enable to hide the system tray icon.

Culture Code

Configure the culture code. Select one of the following:

  • os-default
  • zh-tw
  • cs-cz
  • de-de
  • en-us
  • fr-fr
  • hu-hu
  • ru-ru
  • ja-jp
  • ko-kr
  • pt-br
  • sk-sk
  • es-es
  • zh-cn
  • et-ee
  • lv-lv
  • lt-lt
  • fi-fi
  • sv-se
  • da-dk
  • pl-pl
  • nb-no

Log

Specify FortiClient log settings.

Level

This option is available for Chromebook profiles. Select one of the following:

  • Disabled
  • Emergency: The system becomes unstable.
  • Alert: Immediate action is required.
  • Critical: Functionality is affected.
  • Error: An error condition exists and functionality could be affected.
  • Warning: Functionality could be affected.
  • Notice: Information about normal events.
  • Info: General information about system operations.
  • Debug: Debug FortiClient.

Features

Enable any or all of the following:

  • AntiVirus
  • Application Firewall
  • Telemetry
  • FSSOMA
  • Proxy
  • IPsec VPN
  • SSL VPN
  • Update
  • Vulnerability
  • Web Filter
  • Sandbox

Client-Based Logging When On-Net

Turn on client-based logging when onnet. For information about the onnet feature, see the FortiClient Administration Guide.

Upload Logs to FortiAnalyzer/FortiManager

This option and all nested options are available for Chromebook profiles. Turn on to upload FortiClient logs to the FortiAnalyzer or FortiManager device at the specified address or hostname.

Upload Traffic Logs

Enable to upload traffic logs.

Upload Vulnerability Logs

Enable to upload vulnerability logs.

Upload Event Logs

Enable to upload event logs.

IP Address/Hostname

Enter the IP address or hostname/FQDN. With Chromebook profiles, when connecting to FortiAnalyzer 5.6+, use the format https://FAZ-IP:port/logging. Otherwise, use the format https://FAZ-IP/jsonrpc/fazapi/logs.

SSL Enabled

Enable SSL.

Upload Schedule (minutes)

Configure the upload schedule in minutes.

Log Generation Timeout (seconds)

Configure the log generation timeout in seconds.

Log Retention (days)

Configure the duration of time to retain logs in days.

Compress Logs

Enable to compress logs.

Proxy

Use Proxy for Updates

Enable to use proxy for updates.

Connect to FDN Directly If Proxy Is Offline

Enable to connect to FDN directly if proxy is offline.

Use Proxy for Virus Submission

Enable to use proxy for virus submission.

Type

Configure the type. Options include:

  • http
  • socks4
  • socks5

IP Address/Hostname

Enter IP address/hostname.

Port

Enter the port number.

Username

Enter the username.

Password

Enter the password. Enable Show Password to show the password in plain text.

Update

Specify whether to use FortiManager or Micro-FortiGuard Server for FortiClient to update FortiClient on endpoints

Use FortiManager for Client Software/Signature Update

Turn on to enable FortiClient EMS to obtain antivirus signatures and software updates from the FortiManager or Micro-FortiGuard Server for FortiClient device at the specified IP address or hostname.

IP Address/Hostname

Enter the IP address/hostname.

Port

Enter the port number.

Failover Port

Enter the failover port.

Timeout

Enter the timeout interval.

Failover to FDN When FortiManager Is Not Available

Enable failover to FDN when FortiManager or Micro-FortiGuard Server for FortiClient is not available.

Auto Patch

Enable auto patch.

Update Action

Select one of the following:

  • Notify Only

    The Update Action will be set to Disabled. The Advanced XML configuration should be:

    <update_action>disable</update_action>

  • Download And Install
  • Download Only

Scheduled Updates

Enable to configure the update schedule.

Schedule Type

Select Interval or Daily for your schedule time.

Update Every

Configure the interval.

FortiProxy

Enable FortiProxy (disable only when troubleshooting). You must enable FortiProxy to use the Web Filter options as well as some AntiVirus options.

HTTPS Proxy

Enable HTTPS proxy.

HTTP Timeout

Enter the HTTP timeout interval.

POP3 Client Comforting

Enable POP3 client comforting.

POP3 Server Comforting

Enable POP3 server comforting.

SMTP Client Comforting

Enable SMTP.

Self Test

Enable Self Test. You have the option to Notify the Last Port.

Notify

Enable Notify and enter the last port.

Last Port

Last port number.

Endpoint Control

Specify settings for the endpoints.

Show Bubble Notifications

Enable to show bubble notifications.

Show Profile Details

Enable to show profile details.

Silent Registration

Turn on to enable silent connection of endpoints, which means that endpoints are connected without user interaction. Turn off to require user interaction to connect endpoints.

Log off When User Logs Out of Windows

Turn on to log off FortiClient when the endpoint user logs out of Windows. Turn off to remain logged in.

Disable Unregister

Turn on to forbid users from disconnecting FortiClient from FortiClient EMS. Turn off to allow users to disconnect FortiClient from FortiClient EMS.

Disable FortiGate Switch

Enable to disable FortiGate switch.

Hide Compliance Enforcement Feature Message from Compliance Tab

Enable to hide the compliance encoforcement feature message from the Compliance & Telemetry tab. This option is only enforced on FortiClients connected to FortiClient EMS. This option does not apply to monitored clients.

On-Net Subnets

Turn on to enable on-net subnets.

For details on how FortiClient determines on-net/off-net status, see the FortiClient Administration Guide.

IP Addresses/Subnet Masks

Enter IP addresses/subnet mask to connect to onnet subnets.

Gateway MAC Address

Enable gateway MAC address.

MAC Addresses

Enter MAC addresses.

Other

Install CA Certificate on Client

Turn on to select and install a CA certificate on the FortiClient endpoint.

You can add certificates by going to Administration > CA Certificate Management.

FortiClient Single Sign-On Mobility Agent

Select to enable Single Sign-On Mobility Agent for FortiAuthenticator. To use this feature you need to apply a FortiClient SSO mobility agent license to your FortiAuthenticator device.

IP Address/Hostname

Enter the FortiAuthenticator IP address or hostname.

Port

Enter the port number.

Pre-Shared Key

Enter the pre-shared key. The pre-shared key should match the key configured on your FortiAuthenticator device.

iOS

Distribute Configuration Profile

Enable and browse for your .mobileconfig file to distribute the configuration profile.