Endpoint provisioning
FortiClient EMS provides scalable and centralized management of multiple endpoints. One of the following endpoint management structures is recommended depending on the use case.
Before deploying to the production server, test deployment with a test endpoint group and test profiles. If the test deployment is successful, then attempt deployment on the production server. |
Use case |
Endpoint management structure |
---|---|
AD is set up and same structure is desired for endpoint management. |
AD integration:
|
Large deployment that needs custom grouping or does not have AD setup |
Automated group assignment. See the FortiClient EMS Administration Guide for details. |
Small deployment |
Custom groups:
|
Endpoint provisioning consists of the following steps. For details on each step, see the FortiClient EMS Administration Guide.
- Create a profile and gateway IP list. It is recommended to create a profile for each installer.
It is recommended to put the addresses for all FortiGate units in one gateway IP list. If using compliance, ensure the FortiGate for compliance is located as physically close as possible to the endpoints being monitored. Traffic for the endpoints must go through the FortiGate with compliance enabled.
- Create an installer. Select the desired FortiClient features to deploy to endpoint. See FortiClient feature recommendations for details.
- Assign the installer to a profile.
- Assign the profile to a group that contains endpoints.
- Assign the gateway IP list to the desired group.
EMS-managed FortiClient endpoints lock configuration changes in the FortiClient console. The end user cannot change the configuration.
For an initial deployment, you can deploy FortiClient using the Microsoft AD Server, or send the FortiClient download link from EMS to users. After the initial deployment, you can push future updates from EMS. |
For an initial deployment of FortiClient (macOS), deploy FortiClient (macOS) manually. |
Create a profile for the Other Endpoints group, and assign the profile to the group. This allows you to assign preferred settings to any FortiClient endpoints assigned to the Other Endpoints group. |