Installer creation enhancements
The EMS installer wizard has been improved so that administrators can now create custom FortiClient installers in a manner similar to the FortiClient Configurator Tool.
You can create deployment packages to deploy FortiClient to endpoints. Deployment packages include the FortiClient installer, which determines the FortiClient release and patch to install on the endpoint, as well as which FortiClient features are installed on the endpoint. Deployment packages can also include a Telemetry gateway list for connection to a FortiGate.
Manage Installers > FortiClient Installers displays FortiClient installers available from FortiGuard and uploaded custom FortiClient installers. These installers are available for selection when creating a FortiClient deployment package. EMS automatically connects to FortiGuard to provide access to FortiClient installers that you can use with EMS profiles. If a connection to FDN is not available, you must manually download FortiClient installers to use with EMS.
You can download FortiClient installers to use with EMS from Fortinet Customer Service & Support. This requires a support account with a valid support contract. Download the Windows, macOS, or Linux installation file.
To add a custom FortiClient installer:
All uploaded Windows installers must be .msi or .zip files. All uploaded macOS installers must be .dmg files.
- Download a FortiClient installer. You can also upload a previously customized installer.
- Upload the custom installation files:
- Go to Manage Installers > FortiClient Installers.
- Click Add. The Add FortiClient Installer dialog displays.
- Set the following options:
Enter a name for the set of installation files.
Upload Windows Installers
Enable to upload FortiClient installers for the Windows operating system.
Windows 64-Bit Installer (ZIP or MSI)
Click the Browse button to locate and select a custom 64-bit installer for the Windows operating system.
Windows 32-Bit Installer (ZIP or MSI)
Click the Browse button to locate and select a custom 32-bit installer for the Windows operating system.
Upload Mac Installer
Enable to upload a FortiClient installer for the macOS operating system.
Mac Installer (DMG)
Click the Browse button to locate and select a custom installer for the macOS operating system.
- Click Upload. The custom installers are uploaded to EMS.
To add a FortiClient deployment package:
- Go to Manage Installers > Deployment Packages.
- Click Add.
- On the Version tab, set the following options:
Configure the deployment package to use an official FortiClient installer or a custom FortiClient installer.
Select the FortiClient release version to install.
Select the specific FortiClient patch version to install.
Keep updated to the latest patch
Select to enable FortiClient to automatically update to the latest patch release when FortiClient is installed on an endpoint.
- On the General tab, set the following options:
Enter the FortiClient installer's name.
(Optional) Enter any notes about the FortiClient installer.
- Click Next. On the Features tab, set the following options:
Security Fabric Agent (Mandatory Feature)
Enabled by default and cannot be disabled. Installs FortiClient with Telemetry and Vulnerability Scan enabled.
Secure Access Architecture Components
Enable to install FortiClient with SSL and IPsec VPN enabled. Disable to omit SSL and IPsec VPN support from the FortiClient deployment package.
Advanced Persistent Threat (APT) Components
Enable to install FortiClient with APT components enabled. Disable to omit APT components from the FortiClient installer. Includes FortiSandbox detection and quarantine features.
Additional Security Features
Enable to select one, two, or all of the following features:
- Web Filtering
- Application Firewall
- Single Sign-On mobility agent
- Cloud Based Malware Outbreak Detection
Disable to exclude the features from the FortiClient installer.
- Click Next. On the Advanced tab, set the following options:
Enable automatic registration
Enable to configure FortiClient to automatically connect Telemetry to EMS after FortiClient is installed on the endpoint. Disable to turn off this feature and require endpoint users to manually connect Telemetry to EMS.
Enable desktop shortcut
Enable to configure the FortiClient installer to create a desktop shortcut on the endpoint.
Enable start menu shortcut
Enable to configure the FortiClient installer to create a Start menu shortcut on the endpoint.
Enable Installer ID
Enable to configure an installer ID. Select an existing installer ID or enter a new installer ID. If creating an installer ID, select a group path or create a new group in the Group Path field. EMS automatically groups endpoints according to installer ID group assignment rules.
This option is not available when the FortiClient installer selected or uploaded in step 3 is a version prior to 6.0.0.
Enable Endpoint Profile
Enable to select an endpoint profile to include in the installer. The profile is applied to the endpoint once it has installed FortiClient. This option is necessary if it is required to have certain security features enabled prior to contact with EMS, or if users require VPN connection to connect to EMS.
- Click Next. The Telemetry tab displays the hostname and IP address of the EMS server, which will manage FortiClient once it is installed on the endpoint. Also configure the following option:
Enable telemetry connection to Security Fabric (FortiGate)
Enable this option, and select the name of the gateway list to use. The gateway list defines the IP address for the FortiGate.
If you have not created a gateway list, this option is not available.
- Click Finish. The FortiClient installer is added to EMS and displays on the Manage Installers > Deployment Packages pane.
The deployment package may include .exe (32-bit and 64-bit), .msi, and .dmg files depending on the configuration. The following shows an example of a deployment package that includes .exe, .msi, and .dmg files. The end user can download these files to install FortiClient on their machine with the desired configuration.