Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

EMS Administration Guide

Importing FortiClient profiles from FortiManager

You can import FortiClient profiles from FortiManager into EMS, then edit the profile in FortiClient EMS to add a FortiClient installer or add configuration information that supports the FortiGate compliance rules.

  1. Configure FortiManager to allow EMS profile importation:
    1. Go to System Settings > Network and enable the HTTPS checkbox.
    2. Remote Procedure Call must be set to read. Run the get system admin user admin command. Ensure that rpc-permit is set to read.
    3. If rpc-permit is not set to read, run the following commands to configure it:

      config system admin user

      edit "admin"

      set rpc-permit read

      end

  2. Click Endpoint Profiles > Manage Profiles > Import. The Import Profiles from FortiGate/FortiManager window opens.
  3. Under Type, select FortiManager.
  4. Configure the following options, and click Next.

    IP address/Hostname

    Enter the IP address and port of the FortiManager device from which the profile is being imported, in the format: <ip address>:<port>.

    VDOM

    Enter a VDOM name from the FortiManager if applicable.

    Username

    Enter the FortiManager's login username.

    Password

    Enter the FortiManager's login password.

    The list of FortiClient profiles configured on the FortiManager displays.

    Under each profile name is the list of profiles created for different operating systems, such as desktops running a Windows or macOS operating system or devices running an Android operating system. In the example, under the test profile, Android, Desktop, and iOS profiles are listed. You can click the </> icon beside each profile to preview the settings in XML format.

  5. Select the profiles to import into EMS and click Next.

    Select the name of the profile to import all profiles for it into EMS. You can also clear the checkbox beside the profiles you do not want to import into EMS. For example, you can import the Android and desktop profiles, but not the iOS profile for a given profile name.

  6. Under Synchronization Mode, select one of the following options.

    1. One Time Pull: If selected, FortiClient EMS does not automatically sync profile changes from the FortiManager. You can manually sync profile changes after importing the profile. See Syncing profile changes.
    2. Group Schedule: Select to configure a group synchronization schedule for all selected profiles. Select the next date and time to automatically update the profiles, and the profile update interval in days, hours, or seconds.
    3. Individual Schedule: Select to configure an individual synchronization schedule for each selected profile. Select the next date and time to automatically update each profile, and the profile update interval in days, hours, or seconds.
  7. Click Import. The selected profiles are imported into EMS and display under the Endpoint Profiles pane in a group named after the FortiManager device from which they were imported.
  8. In the Endpoint Profiles page, select an imported profile to edit it.

    You can edit additional options to provide configuration information to support the compliance rules. You can also add a FortiClient installer to the profile by using the Deployment tab. Custom installers can be created. See Creating FortiClient installers.

  9. Edit the options on the tabs.
  10. Click Save Profile.

Importing FortiClient profiles from FortiManager

You can import FortiClient profiles from FortiManager into EMS, then edit the profile in FortiClient EMS to add a FortiClient installer or add configuration information that supports the FortiGate compliance rules.

  1. Configure FortiManager to allow EMS profile importation:
    1. Go to System Settings > Network and enable the HTTPS checkbox.
    2. Remote Procedure Call must be set to read. Run the get system admin user admin command. Ensure that rpc-permit is set to read.
    3. If rpc-permit is not set to read, run the following commands to configure it:

      config system admin user

      edit "admin"

      set rpc-permit read

      end

  2. Click Endpoint Profiles > Manage Profiles > Import. The Import Profiles from FortiGate/FortiManager window opens.
  3. Under Type, select FortiManager.
  4. Configure the following options, and click Next.

    IP address/Hostname

    Enter the IP address and port of the FortiManager device from which the profile is being imported, in the format: <ip address>:<port>.

    VDOM

    Enter a VDOM name from the FortiManager if applicable.

    Username

    Enter the FortiManager's login username.

    Password

    Enter the FortiManager's login password.

    The list of FortiClient profiles configured on the FortiManager displays.

    Under each profile name is the list of profiles created for different operating systems, such as desktops running a Windows or macOS operating system or devices running an Android operating system. In the example, under the test profile, Android, Desktop, and iOS profiles are listed. You can click the </> icon beside each profile to preview the settings in XML format.

  5. Select the profiles to import into EMS and click Next.

    Select the name of the profile to import all profiles for it into EMS. You can also clear the checkbox beside the profiles you do not want to import into EMS. For example, you can import the Android and desktop profiles, but not the iOS profile for a given profile name.

  6. Under Synchronization Mode, select one of the following options.

    1. One Time Pull: If selected, FortiClient EMS does not automatically sync profile changes from the FortiManager. You can manually sync profile changes after importing the profile. See Syncing profile changes.
    2. Group Schedule: Select to configure a group synchronization schedule for all selected profiles. Select the next date and time to automatically update the profiles, and the profile update interval in days, hours, or seconds.
    3. Individual Schedule: Select to configure an individual synchronization schedule for each selected profile. Select the next date and time to automatically update each profile, and the profile update interval in days, hours, or seconds.
  7. Click Import. The selected profiles are imported into EMS and display under the Endpoint Profiles pane in a group named after the FortiManager device from which they were imported.
  8. In the Endpoint Profiles page, select an imported profile to edit it.

    You can edit additional options to provide configuration information to support the compliance rules. You can also add a FortiClient installer to the profile by using the Deployment tab. Custom installers can be created. See Creating FortiClient installers.

  9. Edit the options on the tabs.
  10. Click Save Profile.