This section applies only if you are sending logs from FortiClient EMS to FortiAnalyzer. If you are not sending logs, skip this section.
Sending logs to FortiAnalyzer requires you enable ADOMs in FortiAnalyzer and add FortiClient EMS to FortiAnalyzer. FortiClient EMS is added as a device to the FortiClient ADOM in FortiAnalyzer. See the FortiAnalyzer Administration Guide.
FortiClient EMS supports logging to FortiAnalyzer. If you have a FortiAnalyzer device and configure FortiClient EMS to send logs to FortiAnalyzer, a FortiAnalyzer CLI command must be enabled and an SSL certificate is required to support communication between the FortiClient Web Filter extension and FortiAnalyzer.
If you use a public SSL certificate, you only need to add the public SSL certificate to FortiAnalyzer. See Adding SSL certificates to FortiAnalyzer.
However, if you prefer to use a certificate not from a common CA, you must add the SSL certificate to FortiAnalyzer and push your certificate's root CA to the Google Chromebooks. Otherwise, the HTTPS connection between the FortiClient Chromebook Web Filter extension and FortiAnalyzer does not work. See Uploading root certificates to the Google Admin console.
You must use the FortiAnalyzer CLI to add HTTPS-logging to the allow-access list in FortiAnalyzer. This command is one step in the process that allows FortiAnalyzer to receive logs from FortiClient EMS.
In FortiAnalyzer CLI, enter the following command:
config system interface
set allowaccess https ssh https-logging
- In FortiAnalyzer, go to System Settings > Certificates > Local Certificates.
- Click Import. The Import Local Certificate dialog appears.
- In the Type list, select Certificate or PKCS #12 Certificate.
- Beside Certificate File, click Browse to select the certificate.
- Enter the password and certificate name.
- Click OK.
- In FortiAnalyzer, go to System Settings > Admin > Admin Settings.
- In the HTTPS & Web Service Certificate box, select the certificate to use for HTTPS connections, and click Apply.