EMS Administration Guide

• Introduction
  • FortiClient EMS components
  • Documentation
• Getting started
  • Getting started with managing Windows, macOS, and Linux endpoints
    • Deploying FortiClient software to endpoints
    • Pushing configuration information to FortiClient
    • Relationship between FortiClient EMS, FortiGate, and FortiClient
      • Standalone FortiClient EMS
      • FortiClient EMS integrated with FortiGate
      • Quarantining an endpoint from FortiOS using EMS
  • Getting started with managing Chromebooks
    • Configuring FortiClient EMS for Chromebooks
    • Configuring the Google Admin console
    • Deploying profiles to Chromebooks
    • How FortiClient EMS and FortiClient work with Chromebooks
• Installation preparation
  • System requirements
  • License types
    • FortiClient EMS
    • Component applications
  • Required services and ports
  • Management capacity
  • FortiClient Telemetry security features
  • Server readiness checklist for installation
  • Upgrading from an earlier FortiClient EMS version
  • Install preparation for managing Chromebooks
    • G Suite account
    • SSL certificates
• Installation and licensing
  • Downloading the installation file
  • Installing FortiClient EMS
  • Installing FortiClient EMS using the CLI
    • Allowing remote access to FortiClient EMS and using custom port numbers
    • Customizing the SQL Server Express install directory
    • Installing FortiClient EMS to specify SQL Server Enterprise or Standard instance
  • Starting FortiClient EMS and logging in
  • Accessing FortiClient EMS remotely
  • Licensing FortiClient EMS
    • License status
    • Help with licensing
  • Specifying different ports
  • Upgrading Microsoft SQL Server Express to Microsoft SQL Server Standard or Enterprise
  • Uninstalling FortiClient EMS
• Chromebook-only setup
  • Google Admin Console setup
    • Logging into the Google Admin console
    • Adding the FortiClient Web Filter extension
    • Configuring the FortiClient Web Filter extension
    • Adding root certificates
      • Communication with the FortiClient Chromebook Web Filter extension
      • Communication with FortiAnalyzer for logging
      • Summary of where to add certificates
      • Uploading root certificates to the Google Admin console
    • Disabling access to Chrome developer tools
    • Disallowing incognito mode
    • Disallowing guest mode
    • Blocking Task Manager
    • Verifying the FortiClient Web Filter extension
  • Service account credentials
    • Configuring default service account credentials
    • Configuring unique service account credentials
      • Creating unique service account credentials
      • Adding service account credentials to the Google Admin console
      • Adding service account credentials to EMS
• GUI
  • Banner
  • Left pane
  • Content pane
• Dashboard
  • Viewing the FortiClient Status
    • System Information widget
    • License Information widget
    • FortiClient Status charts and widgets
  • Viewing the Vulnerability Scan dashboard
    • Viewing current vulnerabilities
    • Viewing the Endpoint Scan Status
    • Viewing the top 10 vulnerable endpoints with high risk vulnerabilities
    • Viewing top ten vulnerabilities on endpoints
  • Viewing Chromebook Status
• Endpoint management
  • Windows, macOS, and Linux endpoints
    • Creating groups
    • Adding endpoints
    • Viewing endpoints
      • Viewing the Endpoints content pane
      • Using the quick status bar
      • Viewing endpoint details
      • Filtering the list of endpoints
      • Using bookmarks to filter the list of endpoints
      • Viewing Sandbox event details
    • Managing endpoints
      • Running AV scans on endpoints
      • Running vulnerability scans on endpoints
      • Patching vulnerabilities on endpoints
      • Uploading FortiClient logs
      • Running the FortiClient diagnostic tool
      • Updating signatures
      • Disconnecting and connecting endpoints
      • Quarantining endpoints
      • Quarantining an endpoint from FortiOS using EMS
      • Excluding endpoints from management
      • Deleting endpoints
      • Provisioning FortiClient (Android) endpoints for central management
  • Google Domains
    • Adding Google domains
    • Viewing domains
      • Viewing the Google Users pane
      • Viewing user details
    • Editing domains
    • Deleting domains
  • Group assignment rules
    • Group assignment rule types
    • Group assignment rule priority levels
    • Adding group assignment rules
    • Enabling/disabling a group assignment rule
    • Deleting a group assignment rule
• Quarantine Management
  • Files
    • Viewing quarantined files
    • Whitelisting quarantined files
  • Whitelist
    • Viewing whitelisted files
    • Editing file descriptions
    • Deleting files from the whitelist
• Software Inventory
  • Applications
  • Hosts
• Endpoint Policy
  • Adding an endpoint policy
  • Editing an endpoint policy
  • Deleting an endpoint policy
  • Enabling/disabling an endpoint policy
• Chromebook Policy
• Endpoint Profiles
  • Configuring profiles
    • Editing the default profile
    • Configuring profiles for Windows, macOS, and Linux endpoints
      • Creating profiles to configure FortiClient
      • Creating profiles to deploy FortiClient
      • Creating profiles to uninstall FortiClient
      • Importing FortiGate Web Filter profiles
      • Importing Web Filter profiles from FortiManager
      • Creating profiles with XML
      • Creating profiles to automatically upgrade FortiClient
    • Configuring profiles for Chromebooks
      • Adding new profiles
      • Enabling/disabling Safe Search
  • Viewing profiles
  • Managing profiles
    • Editing profiles
    • Cloning profiles
    • Syncing profile changes
    • Editing sync schedules
    • Deleting profiles
  • Profile references
    • Profile Name
    • Malware Protection
    • Sandbox Detection
    • Web Filter
    • Application Firewall
    • VPN
    • Vulnerability Scan
    • System Settings
    • XML Configuration
• Managing installers
  • Deployment Packages
    • Adding FortiClient deployment packages
    • Viewing deployment packages
    • Deleting FortiClient deployment packages
  • FortiClient installers
    • Adding a custom FortiClient installer
    • Viewing installers
• Profile Components
• Telemetry Gateway Lists
  • Creating Telemetry gateway lists
  • Exporting Telemetry gateway lists to XML
  • Viewing Telemetry gateway lists
  • Viewing assigned Telemetry gateway lists
• Compliance Verification
  • Compliance Verification Rules
    • Adding a compliance verification rule
    • Editing compliance verification rule
    • Deleting a compliance verification rule
    • Managing tags
  • Host Tag Monitor
  • Configuring FortiOS dynamic policies using EMS dynamic endpoint groups
  • Fabric Device Monitor
• Deployment
  • Preparing the AD server for deployment
    • Configuring a group policy on the AD server
    • Configuring required Windows services
    • Creating deployment rules for Windows firewall
    • Configuring Windows firewall domain profile settings
  • Preparing Windows endpoints for FortiClient deployment
  • Deploying FortiClient on endpoints
  • Deploying initial installations of FortiClient (macOS)
  • Deploying FortiClient upgrades from FortiClient EMS
• Administration
  • Administrators
    • Viewing users
    • Configuring Windows and LDAP user accounts
    • Creating new user accounts
    • Activating disabled accounts
  • Configuring admin roles
    • Adding an admin role
    • Cloning an admin role
    • Deleting admin roles
    • Admin role permissions reference
  • User Servers
    • Adding a user server
    • Editing a user server
    • Deleting a user server
    • Viewing user servers
  • Configuring User Settings
  • Database management
    • Backing up the database
    • Restoring the database
  • Activating, upgrading, and renewing licenses
    • Logging into FortiCare
    • Uploading a license file for activation, upgrade, or renewal
  • Logs
• System Settings
  • Configuring Server settings
  • Adding SSL certificates to FortiClient EMS for Chromebook endpoints
  • Configuring Logs settings
  • Configuring FortiGuard settings
  • Configuring Endpoints settings
  • Configuring the login banner
  • Alerts
    • Configuring EMS Alerts
    • Configuring Endpoints Alerts
    • Configuring SMTP Server settings
    • Viewing alerts
  • Custom Messages
    • Customizing the endpoint quarantine message
    • Customizing Web Filter messages
• Creating a support package