Fortinet Document Library
Version:
6.4.3
6.4.2
6.4.1
Version:
6.4.0
6.2.8
6.2.7
Version:
6.2.6
6.2.4
6.2.3
Version:
6.2.2
6.2.1
6.2.0
Version:
6.0.8
6.0.6
6.0.5
Version:
6.0.4
6.0.3
6.0.2
Version:
6.0.1
6.0.0
1.2.5
Version:
1.2.4
1.2.3
1.2.2
Version:
1.2.1
1.2.0
1.0.5
Version:
1.0.4
1.0.3
1.0.2
Version:
1.0.1
1.0.0
Table of Contents
Introduction
FortiClient EMS components
Documentation
Getting started
Getting started with managing Windows, macOS, and Linux endpoints
Deploying FortiClient software to endpoints
Pushing configuration information to FortiClient
Relationship between FortiClient EMS, FortiGate, and FortiClient
Standalone FortiClient EMS
FortiClient EMS integrated with FortiGate
Quarantining an endpoint from FortiOS using EMS
Getting started with managing Chromebooks
Configuring FortiClient EMS for Chromebooks
Configuring the Google Admin console
Deploying profiles to Chromebooks
How FortiClient EMS and FortiClient work with Chromebooks
Installation preparation
System requirements
License types
FortiClient EMS
Component applications
Required services and ports
Management capacity
FortiClient Telemetry security features
Server readiness checklist for installation
Upgrading from an earlier FortiClient EMS version
Install preparation for managing Chromebooks
G Suite account
SSL certificates
Installation and licensing
Downloading the installation file
Installing FortiClient EMS
Installing FortiClient EMS using the CLI
Allowing remote access to FortiClient EMS and using custom port numbers
Customizing the SQL Server Express install directory
Installing FortiClient EMS to specify SQL Server Enterprise or Standard instance
Starting FortiClient EMS and logging in
Accessing FortiClient EMS remotely
Licensing FortiClient EMS
License status
Help with licensing
Specifying different ports
Upgrading Microsoft SQL Server Express to Microsoft SQL Server Standard or Enterprise
Uninstalling FortiClient EMS
Chromebook-only setup
Google Admin Console setup
Logging into the Google Admin console
Adding the FortiClient Web Filter extension
Configuring the FortiClient Web Filter extension
Adding root certificates
Communication with the FortiClient Chromebook Web Filter extension
Communication with FortiAnalyzer for logging
Summary of where to add certificates
Uploading root certificates to the Google Admin console
Disabling access to Chrome developer tools
Disallowing incognito mode
Disallowing guest mode
Blocking Task Manager
Verifying the FortiClient Web Filter extension
Service account credentials
Configuring default service account credentials
Configuring unique service account credentials
Creating unique service account credentials
Adding service account credentials to the Google Admin console
Adding service account credentials to EMS
GUI
Banner
Left pane
Content pane
Dashboard
Viewing the FortiClient Status
System Information widget
License Information widget
FortiClient Status charts and widgets
Viewing the Vulnerability Scan dashboard
Viewing current vulnerabilities
Viewing the Endpoint Scan Status
Viewing the top 10 vulnerable endpoints with high risk vulnerabilities
Viewing top ten vulnerabilities on endpoints
Viewing Chromebook Status
Endpoint management
Windows, macOS, and Linux endpoints
Creating groups
Adding endpoints
Viewing endpoints
Viewing the Endpoints content pane
Using the quick status bar
Viewing endpoint details
Filtering the list of endpoints
Using bookmarks to filter the list of endpoints
Viewing Sandbox event details
Managing endpoints
Running AV scans on endpoints
Running vulnerability scans on endpoints
Patching vulnerabilities on endpoints
Uploading FortiClient logs
Running the FortiClient diagnostic tool
Updating signatures
Disconnecting and connecting endpoints
Quarantining endpoints
Quarantining an endpoint from FortiOS using EMS
Excluding endpoints from management
Deleting endpoints
Provisioning FortiClient (Android) endpoints for central management
Google Domains
Adding Google domains
Viewing domains
Viewing the Google Users pane
Viewing user details
Editing domains
Deleting domains
Group assignment rules
Group assignment rule types
Group assignment rule priority levels
Adding group assignment rules
Enabling/disabling a group assignment rule
Deleting a group assignment rule
Quarantine Management
Files
Viewing quarantined files
Allowlisting quarantined files
Whitelist
Viewing allowlisted files
Editing file descriptions
Deleting files from the allowlist
Software Inventory
Applications
Hosts
Endpoint Policy
Adding an endpoint policy
Editing an endpoint policy
Deleting an endpoint policy
Enabling/disabling an endpoint policy
Chromebook Policy
Endpoint Profiles
Configuring profiles
Editing the default profile
Configuring profiles for Windows, macOS, and Linux endpoints
Creating profiles to configure FortiClient
Creating profiles to deploy FortiClient
Creating profiles to uninstall FortiClient
Importing FortiGate Web Filter profiles
Importing Web Filter profiles from FortiManager
Creating profiles with XML
Creating profiles to automatically upgrade FortiClient
Configuring profiles for Chromebooks
Adding new profiles
Enabling/disabling Safe Search
Viewing profiles
Managing profiles
Editing profiles
Cloning profiles
Syncing profile changes
Editing sync schedules
Deleting profiles
Profile references
Profile Name
Malware Protection
Sandbox Detection
Web Filter
Application Firewall
VPN
Vulnerability Scan
System Settings
XML Configuration
Managing installers
Deployment Packages
Adding FortiClient deployment packages
Viewing deployment packages
Deleting FortiClient deployment packages
FortiClient installers
Adding a custom FortiClient installer
Viewing installers
Profile Components
Telemetry Gateway Lists
Creating Telemetry gateway lists
Exporting Telemetry gateway lists to XML
Viewing Telemetry gateway lists
Viewing assigned Telemetry gateway lists
Compliance Verification
Compliance Verification Rules
Adding a compliance verification rule
Editing compliance verification rule
Deleting a compliance verification rule
Managing tags
Host Tag Monitor
Configuring FortiOS dynamic policies using EMS dynamic endpoint groups
Fabric Device Monitor
Deployment
Preparing the AD server for deployment
Configuring a group policy on the AD server
Configuring required Windows services
Creating deployment rules for Windows firewall
Configuring Windows firewall domain profile settings
Preparing Windows endpoints for FortiClient deployment
Deploying FortiClient on endpoints
Deploying initial installations of FortiClient (macOS)
Deploying FortiClient upgrades from FortiClient EMS
Administration
Administrators
Viewing users
Configuring Windows and LDAP user accounts
Creating new user accounts
Activating disabled accounts
Configuring admin roles
Adding an admin role
Cloning an admin role
Deleting admin roles
Admin role permissions reference
User Servers
Adding a user server
Editing a user server
Deleting a user server
Viewing user servers
Configuring User Settings
Database management
Backing up the database
Restoring the database
Activating, upgrading, and renewing licenses
Logging into FortiCare
Uploading a license file for activation, upgrade, or renewal
Logs
System Settings
Configuring Server settings
Adding SSL certificates to FortiClient EMS for Chromebook endpoints
Configuring Logs settings
Configuring FortiGuard settings
Configuring Endpoints settings
Configuring the login banner
Alerts
Configuring EMS Alerts
Configuring Endpoints Alerts
Configuring SMTP Server settings
Viewing alerts
Custom Messages
Customizing the endpoint quarantine message
Customizing Web Filter messages
Creating a support package
Home
FortiClient 6.2.0
EMS Administration Guide
EMS Administration Guide
Introduction
FortiClient EMS components
Documentation
Getting started
Getting started with managing Windows, macOS, and Linux endpoints
Deploying FortiClient software to endpoints
Pushing configuration information to FortiClient
Relationship between FortiClient EMS, FortiGate, and FortiClient
Standalone FortiClient EMS
FortiClient EMS integrated with FortiGate
Quarantining an endpoint from FortiOS using EMS
Getting started with managing Chromebooks
Configuring FortiClient EMS for Chromebooks
Configuring the Google Admin console
Deploying profiles to Chromebooks
How FortiClient EMS and FortiClient work with Chromebooks
Installation preparation
System requirements
License types
FortiClient EMS
Component applications
Required services and ports
Management capacity
FortiClient Telemetry security features
Server readiness checklist for installation
Upgrading from an earlier FortiClient EMS version
Install preparation for managing Chromebooks
G Suite account
SSL certificates
Installation and licensing
Downloading the installation file
Installing FortiClient EMS
Installing FortiClient EMS using the CLI
Allowing remote access to FortiClient EMS and using custom port numbers
Customizing the SQL Server Express install directory
Installing FortiClient EMS to specify SQL Server Enterprise or Standard instance
Starting FortiClient EMS and logging in
Accessing FortiClient EMS remotely
Licensing FortiClient EMS
License status
Help with licensing
Specifying different ports
Upgrading Microsoft SQL Server Express to Microsoft SQL Server Standard or Enterprise
Uninstalling FortiClient EMS
Chromebook-only setup
Google Admin Console setup
Logging into the Google Admin console
Adding the FortiClient Web Filter extension
Configuring the FortiClient Web Filter extension
Adding root certificates
Communication with the FortiClient Chromebook Web Filter extension
Communication with FortiAnalyzer for logging
Summary of where to add certificates
Uploading root certificates to the Google Admin console
Disabling access to Chrome developer tools
Disallowing incognito mode
Disallowing guest mode
Blocking Task Manager
Verifying the FortiClient Web Filter extension
Service account credentials
Configuring default service account credentials
Configuring unique service account credentials
Creating unique service account credentials
Adding service account credentials to the Google Admin console
Adding service account credentials to EMS
GUI
Banner
Left pane
Content pane
Dashboard
Viewing the FortiClient Status
System Information widget
License Information widget
FortiClient Status charts and widgets
Viewing the Vulnerability Scan dashboard
Viewing current vulnerabilities
Viewing the Endpoint Scan Status
Viewing the top 10 vulnerable endpoints with high risk vulnerabilities
Viewing top ten vulnerabilities on endpoints
Viewing Chromebook Status
Endpoint management
Windows, macOS, and Linux endpoints
Creating groups
Adding endpoints
Viewing endpoints
Viewing the Endpoints content pane
Using the quick status bar
Viewing endpoint details
Filtering the list of endpoints
Using bookmarks to filter the list of endpoints
Viewing Sandbox event details
Managing endpoints
Running AV scans on endpoints
Running vulnerability scans on endpoints
Patching vulnerabilities on endpoints
Uploading FortiClient logs
Running the FortiClient diagnostic tool
Updating signatures
Disconnecting and connecting endpoints
Quarantining endpoints
Quarantining an endpoint from FortiOS using EMS
Excluding endpoints from management
Deleting endpoints
Provisioning FortiClient (Android) endpoints for central management
Google Domains
Adding Google domains
Viewing domains
Viewing the Google Users pane
Viewing user details
Editing domains
Deleting domains
Group assignment rules
Group assignment rule types
Group assignment rule priority levels
Adding group assignment rules
Enabling/disabling a group assignment rule
Deleting a group assignment rule
Quarantine Management
Files
Viewing quarantined files
Allowlisting quarantined files
Whitelist
Viewing allowlisted files
Editing file descriptions
Deleting files from the allowlist
Software Inventory
Applications
Hosts
Endpoint Policy
Adding an endpoint policy
Editing an endpoint policy
Deleting an endpoint policy
Enabling/disabling an endpoint policy
Chromebook Policy
Endpoint Profiles
Configuring profiles
Editing the default profile
Configuring profiles for Windows, macOS, and Linux endpoints
Creating profiles to configure FortiClient
Creating profiles to deploy FortiClient
Creating profiles to uninstall FortiClient
Importing FortiGate Web Filter profiles
Importing Web Filter profiles from FortiManager
Creating profiles with XML
Creating profiles to automatically upgrade FortiClient
Configuring profiles for Chromebooks
Adding new profiles
Enabling/disabling Safe Search
Viewing profiles
Managing profiles
Editing profiles
Cloning profiles
Syncing profile changes
Editing sync schedules
Deleting profiles
Profile references
Profile Name
Malware Protection
Sandbox Detection
Web Filter
Application Firewall
VPN
Vulnerability Scan
System Settings
XML Configuration
Managing installers
Deployment Packages
Adding FortiClient deployment packages
Viewing deployment packages
Deleting FortiClient deployment packages
FortiClient installers
Adding a custom FortiClient installer
Viewing installers
Profile Components
Telemetry Gateway Lists
Creating Telemetry gateway lists
Exporting Telemetry gateway lists to XML
Viewing Telemetry gateway lists
Viewing assigned Telemetry gateway lists
Compliance Verification
Compliance Verification Rules
Adding a compliance verification rule
Editing compliance verification rule
Deleting a compliance verification rule
Managing tags
Host Tag Monitor
Configuring FortiOS dynamic policies using EMS dynamic endpoint groups
Fabric Device Monitor
Deployment
Preparing the AD server for deployment
Configuring a group policy on the AD server
Configuring required Windows services
Creating deployment rules for Windows firewall
Configuring Windows firewall domain profile settings
Preparing Windows endpoints for FortiClient deployment
Deploying FortiClient on endpoints
Deploying initial installations of FortiClient (macOS)
Deploying FortiClient upgrades from FortiClient EMS
Administration
Administrators
Viewing users
Configuring Windows and LDAP user accounts
Creating new user accounts
Activating disabled accounts
Configuring admin roles
Adding an admin role
Cloning an admin role
Deleting admin roles
Admin role permissions reference
User Servers
Adding a user server
Editing a user server
Deleting a user server
Viewing user servers
Configuring User Settings
Database management
Backing up the database
Restoring the database
Activating, upgrading, and renewing licenses
Logging into FortiCare
Uploading a license file for activation, upgrade, or renewal
Logs
System Settings
Configuring Server settings
Adding SSL certificates to FortiClient EMS for Chromebook endpoints
Configuring Logs settings
Configuring FortiGuard settings
Configuring Endpoints settings
Configuring the login banner
Alerts
Configuring EMS Alerts
Configuring Endpoints Alerts
Configuring SMTP Server settings
Viewing alerts
Custom Messages
Customizing the endpoint quarantine message
Customizing Web Filter messages
Creating a support package
6.2.0
6.4.3
6.4.2
6.4.1
6.4.0
6.2.8
6.2.7
6.2.6
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.8
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.2.0
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0
Download PDF
Copy Link
Chromebook-only setup
The following sections only apply if you plan to use
FortiClient EMS
to manage Chromebooks:
Google Admin Console setup
Service account credentials
Chromebook-only setup
Chromebook-only setup
The following sections only apply if you plan to use
FortiClient EMS
to manage Chromebooks:
Google Admin Console setup
Service account credentials
Link
PDF
TOC