Fortinet black logo

Creating a Mobileconfig profile

Copy Link
Copy Doc ID 21cbd45b-031e-11e9-b86b-00505692583a:707607
Download PDF

Creating a Mobileconfig profile

To enable web filtering, the iOS device must be supervised and you must install a Mobileconfig profile with a content filter on the device. The following is required to install a mobileconfig profile:

  • Apple Configurator 2 (or equivalent mobile device management (MDM) application) installed.
  • iOS devices are supervised.

You can find Instructions on how to supervise your iOS devices on the Apple Configurator 2 Help (or your MDM application) website.

To create a mobileconfig profile for FortiClient web filtering:
  1. Launch Apple Configurator 2.
  2. Go to File > New Profile.
  3. Enter a Name for the profile.
  4. Select Content Filter from the left panel.

  5. Click Configure.
  6. Select Plugin (Third Party App) from the Filter Type dropdown list.
  7. Configure the following:

    Filter Name

    FortiClient

    Identifier

    com.fortinet.forticlient

    Service Address

    fgd1.fortigate.com

    Organization

    Fortinet, Inc.

    User Name

    You can use this field to specify the EMS (IP address or FQDN), port, and connection key (optional). For example, the following string allows FortiClient iOS to connect to the EMS at ems.example.com at port 8013, with key “ConnectionKey”:

    ems.example.com:8013 ConnectionKey

    Filter WebKit Traffic

    Select the Filter WebKit Traffic checkbox.

    Filter Socket Traffic

    Select the Filter Socket Traffic checkbox.

  8. Click Save.
note icon

Due to restrictions that Apple set, you must launch FortiClient iOS once before the configuration takes effect. You can use FortiGate compliance enforcement to ensure users launch FortiClient iOS before browsing the Internet. For details, see FortiClient Compliance Profiles in the FortiOS Handbook.

Creating a Mobileconfig profile

To enable web filtering, the iOS device must be supervised and you must install a Mobileconfig profile with a content filter on the device. The following is required to install a mobileconfig profile:

  • Apple Configurator 2 (or equivalent mobile device management (MDM) application) installed.
  • iOS devices are supervised.

You can find Instructions on how to supervise your iOS devices on the Apple Configurator 2 Help (or your MDM application) website.

To create a mobileconfig profile for FortiClient web filtering:
  1. Launch Apple Configurator 2.
  2. Go to File > New Profile.
  3. Enter a Name for the profile.
  4. Select Content Filter from the left panel.

  5. Click Configure.
  6. Select Plugin (Third Party App) from the Filter Type dropdown list.
  7. Configure the following:

    Filter Name

    FortiClient

    Identifier

    com.fortinet.forticlient

    Service Address

    fgd1.fortigate.com

    Organization

    Fortinet, Inc.

    User Name

    You can use this field to specify the EMS (IP address or FQDN), port, and connection key (optional). For example, the following string allows FortiClient iOS to connect to the EMS at ems.example.com at port 8013, with key “ConnectionKey”:

    ems.example.com:8013 ConnectionKey

    Filter WebKit Traffic

    Select the Filter WebKit Traffic checkbox.

    Filter Socket Traffic

    Select the Filter Socket Traffic checkbox.

  8. Click Save.
note icon

Due to restrictions that Apple set, you must launch FortiClient iOS once before the configuration takes effect. You can use FortiGate compliance enforcement to ensure users launch FortiClient iOS before browsing the Internet. For details, see FortiClient Compliance Profiles in the FortiOS Handbook.