In FortiOS, endpoint profiles are called FortiClient Compliance profiles. You can import a FortiClient Compliance profile into EMS, then edit the profile in FortiClient EMS to add a FortiClient installer or add configuration information that supports the FortiGate compliance rules.
To import profiles successfully from FortiOS to FortiClient EMS, FortiGate must have the HTTPS port open. In FortiOS, go to Network > Interfaces > Administrative Access and enable the HTTPS checkbox.
- Click Endpoint Profiles > Manage Profiles > Import. The Import Profiles from FortiGate/FortiManager window opens.
- Under Type, select FortiGate.
- Complete the following options, and click Next.
Enter the IP address and port of the FortiGate device from which the profile is being imported, in the format:
Enter a VDOM name from the FortiGate if applicable.
Enter the FortiGate's login username.
Enter the FortiGate's login password.
The list of FortiClient Compliance profiles configured on the FortiGate displays.
Under each profile name is the list of profiles created for different operating systems, such as desktops running a Windows or macOS operating system or devices running an Android operating system. In the example, under the test profile, Android, Desktop, and iOS profiles are listed. You can click the </> icon beside each profile to preview the settings in XML format.
- Select the profiles to import into EMS and click Next.
Select the name of the profile to import all profiles for it into EMS. You can also clear the checkbox beside the profiles you do not want to import into EMS. For example, you can import the Android and desktop profiles, but not the iOS profile for a given profile name.
- Under Synchronization Mode, select one of the following options.
- One Time Pull: If selected, FortiClient EMS does not automatically sync profile changes from the FortiGate. You can manually sync profile changes after importing the profile. See Syncing profile changes.
- Group Schedule: Select to configure a group synchronization schedule for all selected profiles. Select the next date and time to automatically update the profiles, and the profile update interval in days, hours, or seconds.
- Individual Schedule: Select to configure an individual synchronization schedule for each selected profile. Select the next date and time to automatically update each profile, and the profile update interval in days, hours, or seconds.
- Click Import. The selected profiles are imported into EMS and display under the Endpoint Profiles pane in a group named after the FortiGate device from which they were imported.
- In the Endpoint Profiles page, select an imported profile to edit it.
The options configured in the profile by the FortiGate administrator are read-only compliance rules. You cannot change them. You can edit additional options to provide configuration information to support the compliance rules. You can also add a FortiClient installer to the profile by using the Deployment tab. Custom installers can be created. See Adding FortiClient installers.
- Edit the options on the tabs.
- Click Save Profile.