UI
|
Specify how the FortiClient user interface appears when installed on endpoints.
|
Show Dashboard Banner
|
Enable the dashboard banner.
|
Require Password to Disconnect from EMS
|
Turn on the password lock for FortiClient.
|
|
Password
|
Type a password.
|
Do Not Allow User to Back Up Configuration
|
Enable to not allow users to back up configuration.
|
Hide System Tray Icon
|
Enable to hide the system tray icon.
|
Language
|
Configure the language used by the FortiClient Console. The default is the system operating language. Select one of the following:
- os-default
- zh-tw
- cs-cz
- de-de
- en-us
- fr-fr
- hu-hu
- ru-ru
- ja-jp
- ko-kr
- pt-br
- sk-sk
- es-es
- zh-cn
- et-ee
- lv-lv
- lt-lt
- fi-fi
- sv-se
- da-dk
- pl-pl
- nb-no
|
Log
|
Specify FortiClient log settings.
|
Level
|
This option is available for Chromebook profiles. Generates logs equal to or more critical than the selected level. Select one of the following:
- Disabled
- Emergency: The system becomes unstable.
- Alert: Immediate action is required.
- Critical: Functionality is affected.
- Error: An error condition exists and functionality could be affected.
- Warning: Functionality could be affected.
- Notice: Information about normal events.
- Info: General information about system operations.
- Debug: Debug FortiClient.
|
Features
|
Select features for which logs will be generated:
- AntiVirus
- Application Firewall
- Telemetry
- FSSOMA
- Proxy
- IPsec VPN
- SSL VPN
- Update
- Vulnerability
- Web Filter
- Sandbox
|
Client-Based Logging When On-Net
|
Include local log messages when FortiClient is on-net. For
information about the on-net feature, see the FortiClient Administration
Guide.
|
Upload Logs to
FortiAnalyzer/FortiManager
|
This option and all nested options are available for Chromebook profiles. Turn on to configure endpoints to sends logs to the FortiAnalyzer or FortiManager device at the
specified address or hostname.
|
|
Upload Traffic Logs
|
Enable to upload traffic logs.
|
|
Upload Vulnerability Logs
|
Enable to upload vulnerability logs to FortiAnalyzer.
|
|
Upload Event Logs
|
Enable to upload event logs.
|
|
IP Address/Hostname
|
Enter the IP address or hostname/FQDN.
With Chromebook profiles, when connecting to FortiAnalyzer 5.6+, use the format https://FAZ-IP:port/logging.
Otherwise, use the format https://FAZ-IP/jsonrpc/fazapi/logs.
If using a port other than the default, use <address>:<port>.
|
|
SSL Enabled
|
Enable SSL.
|
|
Upload Schedule (minutes)
|
Configure the upload schedule in minutes.
|
|
Log Generation Timeout (seconds)
|
Configure the log generation timeout in seconds.
|
|
Log Retention (days)
|
Configure the duration of time to retain logs in days.
|
|
Compress Logs
|
Enable to compress logs.
|
Proxy
|
|
|
Use Proxy for Updates
|
Enable to access FortiGuard using the configured proxy.
|
|
Connect to FDN Directly If Proxy Is Offline
|
Enable to connect to FDN directly if proxy is offline.
|
Use Proxy for Virus Submission
|
Enable to use the configured proxy to submit viruses to FortiGuard.
|
|
Type
|
Configure the type. Options include:
|
|
IP Address/Hostname
|
Enter IP address/hostname.
|
|
Port
|
Enter the port number.
|
|
Username
|
Enter the username.
|
|
Password
|
Enter the password. Enable Show Password to show the
password in plain text.
|
Update
|
Specify whether to use FortiManager or Micro-FortiGuard Server for FortiClient to update FortiClient on endpoints
|
Use FortiManager
for Client Software/Signature
Update
|
Turn on to enable FortiClient EMS to obtain antivirus signatures and software
updates from the FortiManager or Micro-FortiGuard Server for FortiClient device at the specified IP address or hostname.
|
|
IP Address/Hostname
|
Enter the IP address/hostname.
|
|
Port
|
Enter the port number.
|
|
Failover Port
|
Enter the failover port.
|
|
Timeout
|
Enter the timeout interval.
|
|
Failover to FDN When FortiManager Is Not Available
|
Enable failover to FDN when FortiManager or Micro-FortiGuard Server for FortiClient is not available.
|
Software Update
|
|
Enable to update FortiClient software on endpoints.
|
|
Update Action
|
Select the option to implement when new software updates are available:
|
Scheduled Updates
|
|
Enable to configure the update schedule.
|
|
Schedule Type
|
Select Interval or Daily for your schedule time.
|
|
Update Every
|
Configure the interval.
|
FortiGuard Server Location
|
Configure FortiGuard server location to Nearest or US.
If Nearest is selected, the endpoint connects to the FortiGuard server whose IP address is provided by the DNS server.
If US is selected, the endpoint can only connect to FortiGuard servers available in the United States and does not attempt to access a FortiGuard server outside the U.S.
|
FortiProxy
|
Enable FortiProxy (disable only when troubleshooting). You must enable FortiProxy to use the Web Filter options as well as some AntiVirus options.
|
HTTPS Proxy
|
Enable HTTPS proxy. If disabled, FortiProxy no longer inspects HTTPS traffic.
|
|
HTTP Timeout
|
Enter the HTTP timeout interval.
|
POP3 Client Comforting
|
Enable POP3 client comforting.
|
POP3 Server Comforting
|
Enable POP3 server comforting.
|
SMTP Client Comforting
|
Enable SMTP.
|
Self Test
|
Enable Self Test. You have the option to Notify the Last Port.
|
|
Notify
|
Enable Notify and enter the last port.
|
|
Last Port
|
Last port number.
|
Endpoint Control
|
Specify settings for the endpoints.
|
Show Bubble Notifications
|
Enable to show bubble notifications.
|
Show Profile Details
|
Enable to show profile details.
|
Silent Registration
|
Turn on to enable silent connection of endpoints, which means that endpoints are
connected without user interaction. Turn off to require user interaction to connect
endpoints.
|
Log off When User Logs Out of Windows
|
Turn on to log off FortiClient when the endpoint user logs out of Windows. Turn off
to remain logged in.
|
Disable Unregister
|
Turn on to forbid users from disconnecting FortiClient from FortiClient EMS. Turn off
to allow users to disconnect FortiClient from FortiClient EMS.
|
|
Disable FortiGate Switch
|
Enable to disable FortiGate switch.
|
Hide Compliance Enforcement Feature Message from Compliance Tab
|
Enable to hide the compliance encoforcement feature message from the Compliance & Telemetry tab. This option is only enforced on FortiClients connected to FortiClient EMS. This option does not apply to monitored clients.
|
On-Net Subnets
|
Turn on to enable on-net subnets.
For details on how FortiClient determines on-net/off-net status, see the FortiClient Administration Guide.
|
|
IP Addresses/Subnet Masks
|
Enter IP addresses/subnet mask to connect to on-net subnets.
|
|
Gateway MAC Address
|
Enable gateway MAC address.
|
|
MAC Addresses
|
Enter MAC addresses.
|
Other
|
|
Install CA Certificate on Client
|
Turn on to select and install a CA certificate on the FortiClient endpoint.
You can add certificates by going to Profile Components > Manage CA Certificates.
|
FortiClient Single Sign-On Mobility
Agent
|
Select to enable Single Sign-On Mobility Agent for FortiAuthenticator. To use this feature you need to apply a FortiClient SSO mobility agent license to your FortiAuthenticator device.
|
|
IP Address/Hostname
|
Enter the FortiAuthenticator IP address or hostname.
|
|
Port
|
Enter the port number.
|
|
Pre-Shared Key
|
Enter the pre-shared key. The pre-shared key should match the key configured on your FortiAuthenticator device.
|
iOS
|
|
Distribute Configuration Profile
|
Enable and browse for your .mobileconfig file to distribute the configuration profile.
|
Privacy
|
|
|
Send Usage Statistics to Fortinet
|
Submit virus information to FDS.
|