Endpoint provisioning
FortiClient EMS provides scalable and centralized management of multiple endpoints. One of the following endpoint management structures is recommended depending on the use case.
Before deploying to the production server, test deployment with a test endpoint group and test profiles. If the test deployment is successful, then attempt deployment on the production server. |
Use case |
Endpoint management structure |
---|---|
Active Directory (AD) is set up and same structure is desired for endpoint management. |
AD integration:
|
Large deployment that needs custom grouping or does not have AD setup |
Automated group assignment. See the FortiClient EMS Administration Guide for details. |
Small deployment |
Custom groups:
|
Endpoint provisioning consists of the following steps. For details on each step, see the FortiClient EMS Administration Guide.
- Create a profile and gateway IP list. It is recommended to create a profile for each deployment package.
It is recommended to put the addresses for all FortiGate units in one gateway IP list. Ensure the FortiGate is located as physically close as possible to the endpoints being monitored.
- Create a deployment package. Select the desired FortiClient features to deploy to endpoint. See FortiClient feature recommendations for details.
- Assign the deployment package to a profile.
- Create an endpoint policy. Assign the profile and gateway IP list to the policy. Assign the policy to the desired endpoint group.
FortiClient endpoints lock configuration changes in the FortiClient console. The end user cannot change the configuration.
For an initial deployment, you can deploy FortiClient using the Microsoft AD server, or send the FortiClient download link from EMS to users. After the initial deployment, you can push future updates from EMS. |
For an initial deployment of FortiClient (macOS), deploy FortiClient (macOS) manually. |
Create a profile for the Other Endpoints group, and assign the profile to the group. This allows you to assign preferred settings to any FortiClient endpoints assigned to the Other Endpoints group. |