System Settings
The majority of these configuration options are only available for Windows, macOS, and Linux profiles. Options available for Chromebook profiles, such as Upload Logs to FortiAnalyzer/FortiManager, are indicated as such in the table below.
Some options are only available when Advanced view is enabled.
Configuration |
Description |
|
---|---|---|
UI |
Specify how the FortiClient user interface appears when installed on endpoints. |
|
Show Dashboard Banner |
Enable the dashboard banner. |
|
Turn on the password lock for FortiClient. |
||
|
Password |
Enter a password. The endpoint user must enter this password to disconnect FortiClient from EMS. |
Do Not Allow User to Back Up Configuration |
Enable to disallow users from backing up the FortiClient configuration. |
|
Hide System Tray Icon |
Enable to hide the FortiClient system tray icon. |
|
Language |
Configure the language the FortiClient Console uses. By default, FortiClient uses the system operating language. Select one of the following:
|
|
Log |
Specify FortiClient log settings. |
|
Level |
This option is available for Chromebook profiles. Generates logs equal to or more critical than the selected level. Select one of the following:
|
|
Features |
Select features for which logs will be generated:
|
|
Client-Based Logging When On-Net |
Include local log messages when FortiClient is on-net. For information about the on-net feature, see the FortiClient Administration Guide. |
|
Upload Logs to FortiAnalyzer/FortiManager |
This option and all nested options are available for Chromebook profiles. Turn on to configure endpoints to sends logs to the FortiAnalyzer or FortiManager device at the specified address or hostname. |
|
|
Upload Traffic Logs |
Enable to upload traffic logs. |
|
Upload Vulnerability Logs |
Enable to upload vulnerability logs to FortiAnalyzer. |
|
Upload Event Logs |
Enable to upload event logs. |
|
IP Address/Hostname |
Enter the IP address or hostname/FQDN. With Chromebook profiles, when connecting to FortiAnalyzer 5.6+, use the format https://FAZ-IP:port/logging. Otherwise, use the format https://FAZ-IP/jsonrpc/fazapi/logs. If using a port other than the default, use <address>:<port>. |
|
SSL Enabled |
Enable SSL. |
|
Upload Schedule (minutes) |
Configure the upload schedule in minutes. |
|
Log Generation Timeout (seconds) |
Configure the log generation timeout in seconds. |
|
Log Retention (days) |
Configure the duration of time to retain logs in days. |
|
Compress Logs |
Enable to compress logs. |
Proxy |
|
|
Use Proxy for Updates |
Enable to access FortiGuard using the configured proxy. |
|
|
Connect to FDN Directly If Proxy Is Offline |
Enable to connect to FDN directly if proxy is offline. |
Use Proxy for Virus Submission |
Enable to use the configured proxy to submit viruses to FortiGuard. |
|
|
Type |
Configure the type. Options include:
|
|
IP Address/Hostname |
Enter IP address/hostname. |
|
Port |
Enter the port number. |
|
Username |
Enter the username. |
|
Password |
Enter the password. Enable Show Password to show the password in plain text. |
Update |
Specify whether to use FortiManager or Micro-FortiGuard Server for FortiClient to update FortiClient on endpoints |
|
Use FortiManager for Client Software/Signature Update |
Turn on to enable FortiClient EMS to obtain antivirus signatures and software updates from the FortiManager or Micro-FortiGuard Server for FortiClient device at the specified IP address or hostname. |
|
|
IP Address/Hostname |
Enter the IP address/hostname. |
|
Port |
Enter the port number. |
|
Failover Port |
Enter the failover port. |
|
Timeout |
Enter the timeout interval. |
|
Failover to FDN When FortiManager Is Not Available |
Enable failover to FDN when FortiManager or Micro-FortiGuard Server for FortiClient is not available. |
Software Update |
|
Enable to update FortiClient software on endpoints. |
|
Update Action |
Select the option to implement when new software updates are available:
|
Scheduled Updates |
|
Enable to configure the update schedule. |
|
Schedule Type |
Select Interval or Daily for your schedule time. |
|
Update Every |
Configure the interval. |
FortiGuard Server Location |
Configure FortiGuard server location to Nearest or US. If Nearest is selected, the endpoint connects to the FortiGuard server whose IP address is provided by the DNS server. If US is selected, the endpoint can only connect to FortiGuard servers available in the United States and does not attempt to access a FortiGuard server outside the U.S. |
|
FortiProxy |
Enable FortiProxy (disable only when troubleshooting). You must enable FortiProxy to use the Web Filter options as well as some AntiVirus options. |
|
HTTPS Proxy |
Enable HTTPS proxy. If disabled, FortiProxy no longer inspects HTTPS traffic. |
|
|
HTTP Timeout |
Enter the HTTP timeout interval. |
POP3 Client Comforting |
Enable POP3 client comforting. |
|
POP3 Server Comforting |
Enable POP3 server comforting. |
|
SMTP Client Comforting |
Enable SMTP. |
|
Self Test |
Enable Self Test. You have the option to Notify the Last Port. |
|
|
Notify |
Enable Notify and enter the last port. |
|
Last Port |
Last port number. |
Endpoint Control |
Specify settings for the endpoints. |
|
Show Bubble Notifications |
Enable to show bubble notifications. |
|
Show Profile Details |
Enable to show profile details. |
|
Silent Registration |
Turn on to enable silent connection of endpoints, which means that endpoints are connected without user interaction. Turn off to require user interaction to connect endpoints. |
|
Log off When User Logs Out of Windows |
Turn on to log off FortiClient when the endpoint user logs out of Windows. Turn off to remain logged in. |
|
Disable Unregister |
Turn on to forbid users from disconnecting FortiClient from FortiClient EMS. Turn off to allow users to disconnect FortiClient from FortiClient EMS. |
|
|
Disable FortiGate Switch |
Enable to disable FortiGate switch. |
Hide Compliance Enforcement Feature Message from Compliance Tab |
Enable to hide the compliance encoforcement feature message from the Compliance & Telemetry tab. This option is only enforced on FortiClients connected to FortiClient EMS. This option does not apply to monitored clients. |
|
On-Net Subnets |
Turn on to enable on-net subnets. For details on how FortiClient determines on-net/off-net status, see the FortiClient Administration Guide. |
|
|
IP Addresses/Subnet Masks |
Enter IP addresses/subnet mask to connect to on-net subnets. |
|
Enable gateway MAC address. |
|
|
MAC Addresses |
Enter MAC addresses. |
Other |
|
|
Install CA Certificate on Client |
Turn on to select and install a CA certificate on the FortiClient endpoint. You can add certificates by going to Profile Components > Manage CA Certificates. |
|
FortiClient Single Sign-On Mobility Agent |
Select to enable Single Sign-On Mobility Agent for FortiAuthenticator. To use this feature you need to apply a FortiClient SSO mobility agent license to your FortiAuthenticator device. |
|
|
IP Address/Hostname |
Enter the FortiAuthenticator IP address or hostname. |
|
Port |
Enter the port number. |
|
Pre-Shared Key |
Enter the pre-shared key. The pre-shared key should match the key configured on your FortiAuthenticator device. |
iOS |
|
|
Distribute Configuration Profile |
Enable and browse for your |
|
Privacy |
|
|
Send Usage Statistics to Fortinet
|
Submit virus information to FDS. |