Creating a Mobileconfig profile
To enable web filtering, the iOS device must be supervised and you must install a Mobileconfig profile with a content filter on the device. The following is required to install a mobileconfig profile:
- Apple Configurator 2 (or equivalent mobile device management (MDM) application) installed.
- iOS devices are supervised.
You can find Instructions on how to supervise your iOS devices on the Apple Configurator 2 Help (or your MDM application) website.
To create a mobileconfig profile for FortiClient web filtering:
- Launch Apple Configurator 2.
- Go to File > New Profile.
- Enter a Name for the profile.
- Select Content Filter from the left panel.
- Click Configure.
- Select Plugin (Third Party App) from the Filter Type dropdown list.
- Configure the following:
Filter Name
FortiClient
Identifier
com.fortinet.forticlient
Service Address
fgd1.fortigate.com
Organization
Fortinet, Inc.
User Name
You can use this field to specify the EMS (IP address or FQDN), port, and connection key (optional). For example, the following string allows FortiClient iOS to connect to the EMS at ems.example.com at port 8013, with key “ConnectionKey”:
ems.example.com:8013 ConnectionKey
Filter WebKit Traffic
Select the Filter WebKit Traffic checkbox.
Filter Socket Traffic
Select the Filter Socket Traffic checkbox.
- Click Save.
Due to restrictions that Apple set, you must launch FortiClient iOS once before the configuration takes effect. You can use FortiGate compliance enforcement to ensure users launch FortiClient iOS before browsing the Internet. For details, see FortiClient Compliance Profiles in the FortiOS Handbook. |