Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

EMS QuickStart Guide

Creating profiles to deploy FortiClient

Installing FortiClient EMS creates a default profile. EMS applies this profile to any groups that you create. The default profile is designed to provide effective levels of protection. To use specific features, such as application firewall, create a new profile or change the default profile.

Consider the following when creating profiles:

  • Use default settings within a profile.
  • Consider the endpoint's role when changing the default profile or creating new profiles.
  • Create a separate group and profile for endpoints requiring long-term special configuration.
  • Use FortiClient EMS for all central profile settings, and set options for within the group instead of for the endpoint itself when possible.

You must create a new profile to deploy FortiClient to endpoints. You cannot add a FortiClient deployment package to the default profile.

You must add FortiClient deployment packages to FortiClient EMS before you can select the deployment packages in a profile. See Adding FortiClient deployment packages.

The selected FortiClient deployment package in a profile controls what tabs display for configuration in the profile. Only the tabs for the features in the selected deployment package display for configuration in the profile. For example, if the deployment package includes only the VPN feature, only the VPN tab displays for you to configure. The System Settings tab always displays.

You can disable a feature included in the deployment package, then enable the feature in the profile later. For example, if the deployment package includes the Web Filter and VPN features, you can disable the Web Filter feature and keep the VPN feature enabled. When FortiClient is installed on the endpoint, the Web Filter is installed, but disabled.

  1. Go to Endpoint Profiles > Manage Profile, and click the Add button.
  2. On the Deployment tab, enable FortiClient Deployment. The FortiClient deployment options display.
  3. Set the following options on the Deployment tab:

    Action

     

     

     

    Action

    Click Install.

     

    Deployment Package

    In the Deployment Package list, select the desired FortiClient deployment package.

    The selected FortiClient deployment package affects what tabs display for configuration. Only tabs related to features enabled in the FortiClient deployment package display for configuration.

    Schedule

     

     

     

    Start At

    Specify what time to start installing FortiClient on endpoints.

     

    Reboot When Needed

    Reboot the endpoint to install FortiClient when needed.

     

    Reboot when no users are logged in

    Allow the endpoint to reboot without prompt if no endpoint user is logged into FortiClient.

     

    Notify users and let the user decide when to reboot when they are logged in

    Notify the end user if a reboot of the endpoint is needed and allow the user to decide what time to reboot the endpoint. Disable to reboot the endpoint without notifying the user.

    Credentials

     

     

    Username

    Enter the username to perform deployment on AD. You must enter the admin credentials for the AD in the profile. Enter the appropriate credentials in the profile to assign to the AD. The credentials allow FortiClient EMS to install FortiClient on endpoints using AD. If the credentials are wrong, the installation fails, and an error displays in FortiClient EMS.

     

    Password

    Enter the password to perform deployment on AD.

  4. Set the options on the remaining tabs.
  5. Click Save.

Creating profiles to deploy FortiClient

Installing FortiClient EMS creates a default profile. EMS applies this profile to any groups that you create. The default profile is designed to provide effective levels of protection. To use specific features, such as application firewall, create a new profile or change the default profile.

Consider the following when creating profiles:

  • Use default settings within a profile.
  • Consider the endpoint's role when changing the default profile or creating new profiles.
  • Create a separate group and profile for endpoints requiring long-term special configuration.
  • Use FortiClient EMS for all central profile settings, and set options for within the group instead of for the endpoint itself when possible.

You must create a new profile to deploy FortiClient to endpoints. You cannot add a FortiClient deployment package to the default profile.

You must add FortiClient deployment packages to FortiClient EMS before you can select the deployment packages in a profile. See Adding FortiClient deployment packages.

The selected FortiClient deployment package in a profile controls what tabs display for configuration in the profile. Only the tabs for the features in the selected deployment package display for configuration in the profile. For example, if the deployment package includes only the VPN feature, only the VPN tab displays for you to configure. The System Settings tab always displays.

You can disable a feature included in the deployment package, then enable the feature in the profile later. For example, if the deployment package includes the Web Filter and VPN features, you can disable the Web Filter feature and keep the VPN feature enabled. When FortiClient is installed on the endpoint, the Web Filter is installed, but disabled.

  1. Go to Endpoint Profiles > Manage Profile, and click the Add button.
  2. On the Deployment tab, enable FortiClient Deployment. The FortiClient deployment options display.
  3. Set the following options on the Deployment tab:

    Action

     

     

     

    Action

    Click Install.

     

    Deployment Package

    In the Deployment Package list, select the desired FortiClient deployment package.

    The selected FortiClient deployment package affects what tabs display for configuration. Only tabs related to features enabled in the FortiClient deployment package display for configuration.

    Schedule

     

     

     

    Start At

    Specify what time to start installing FortiClient on endpoints.

     

    Reboot When Needed

    Reboot the endpoint to install FortiClient when needed.

     

    Reboot when no users are logged in

    Allow the endpoint to reboot without prompt if no endpoint user is logged into FortiClient.

     

    Notify users and let the user decide when to reboot when they are logged in

    Notify the end user if a reboot of the endpoint is needed and allow the user to decide what time to reboot the endpoint. Disable to reboot the endpoint without notifying the user.

    Credentials

     

     

    Username

    Enter the username to perform deployment on AD. You must enter the admin credentials for the AD in the profile. Enter the appropriate credentials in the profile to assign to the AD. The credentials allow FortiClient EMS to install FortiClient on endpoints using AD. If the credentials are wrong, the installation fails, and an error displays in FortiClient EMS.

     

    Password

    Enter the password to perform deployment on AD.

  4. Set the options on the remaining tabs.
  5. Click Save.