FortiClient feature recommendations
When creating installers in FortiClient EMS to deploy FortiClient to endpoints, it is recommended to include different sets of FortiClient features to install depending on the endpoint. Do not install components that are not required. For example, if you have no users who need to access the network remotely, do not install the Remote Access feature.
Endpoint description |
Recommended features |
---|---|
No third-party AntiVirus product installed |
|
Only VPN needed (endpoint already has a third-party AntiVirus product installed) |
|
The following lists the recommended options to enable for each feature:
Feature |
Recommended options |
|
---|---|---|
AntiVirus |
|
|
Web Filter |
|
|
VPN |
|
|
|
Tunnel options |
|
Vulnerability Scan |
|
|
System Settings |
|
Since only Vulnerability Scan and AntiVirus are supported on Windows Server machines, it is recommended to create separate installers for them where only AntiVirus is enabled. Windows Servers do not support Web Filter or Application Firewall, so these features must be disabled on the installer.
When creating an installer, if Keep updated to the latest patch is enabled, the installer is automatically updated when a new FortiClient version is available on FDS servers, then deployed to endpoints. To control software updates manually, disable this option. It is recommended to disable this feature on installers used to deploy FortiClient to servers to prevent uncontrolled service disruption during a FortiClient upgrade. |
If a FortiGate is present, connect Fabric Agent to FortiGate for deep visibility. List the FortiGate IP address in the gateway IP list so the endpoint can connect to the authorized FortiGate.