You can import FortiClient profiles from FortiManager into EMS, then edit the profile in FortiClient EMS to add a FortiClient installer or add configuration information that supports the FortiGate compliance rules.
To import profiles successfully from FortiManager to FortiClient EMS, FortiManager must have the HTTPS port open. In FortiManager, go to System Settings > Network and enable the HTTPS checkbox.
- Configure FortiManager to allow EMS profile importation:
- Go to System Settings > Network and enable the HTTPS checkbox.
- Remote Procedure Call must be set to
read. Run the
get system admin user admincommand. Ensure that
rpc-permitis set to
rpc-permitis not set to
read, run the following commands to configure it:
config system admin user
set rpc-permit read
- Click Endpoint Profiles > Manage Profiles > Import. The Import Profiles from FortiGate/FortiManager window opens.
- Under Type, select FortiManager.
- Complete the following options, and click Next.
Enter the IP address and port of the FortiManager device from which the profile is being imported, in the format:
Enter a VDOM name from the FortiManager if applicable.
Enter the FortiManager's login username.
Enter the FortiManager's login password.
The list of FortiClient profiles configured on the FortiManager displays.
Under each profile name is the list of profiles created for different operating systems, such as desktops running a Windows or macOS operating system or devices running an Android operating system. In the example, under the test profile, Android, Desktop, and iOS profiles are listed. You can click the </> icon beside each profile to preview the settings in XML format.
- Select the profiles to import into EMS and click Next.
Select the name of the profile to import all profiles for it into EMS. You can also clear the checkbox beside the profiles you do not want to import into EMS. For example, you can import the Android and desktop profiles, but not the iOS profile for a given profile name.
- Under Synchronization Mode, select one of the following options.
- One Time Pull: If selected, FortiClient EMS does not automatically sync profile changes from the FortiManager. You can manually sync profile changes after importing the profile. See Syncing profile changes.
- Group Schedule: Select to configure a group synchronization schedule for all selected profiles. Select the next date and time to automatically update the profiles, and the profile update interval in days, hours, or seconds.
- Individual Schedule: Select to configure an individual synchronization schedule for each selected profile. Select the next date and time to automatically update each profile, and the profile update interval in days, hours, or seconds.
- Click Import. The selected profiles are imported into EMS and display under the Endpoint Profiles pane in a group named after the FortiManager device from which they were imported.
- In the Endpoint Profiles page, select an imported profile to edit it.
You can edit additional options to provide configuration information to support the compliance rules. You can also add a FortiClient installer to the profile by using the Deployment tab. Custom installers can be created. See Creating FortiClient installers.
- Edit the options on the tabs.
- Click Save Profile.