In 6.2.1, you must use FortiClient with EMS. FortiClient must connect to EMS to activate its license and become provisioned by the endpoint profile that the administrator configured in EMS. You cannot use any FortiClient features (except for VPN, as described in Free three-day VPN access) until FortiClient is connected to EMS and licensed.
You can also use FortiClient with both EMS and FortiGate.
The setup process is as follows. The EMS administrator completes some actions, and the endpoint user completes others.
- The administrator configures a FortiClient deployment package in EMS. The administrator specifies which modules to install in the deployment package.
- The administrator prepares to deploy FortiClient from EMS. See Provisioning preparation.
- The administrator deploys FortiClient on the endpoint from EMS. See Provisioning. FortiClient installs on the endpoint.
For installation to be successful, the endpoint must be a computer or device on your network that has Internet access and is running a supported operating system.
After FortiClient installs on the endpoint, it immediately connects to EMS to activate its license. The endpoint user may need to confirm the connection request to complete the Telemetry connection to EMS. FortiClient is now a managed endpoint. Once licensed, FortiClient becomes provisioned by the endpoint profile configured in EMS. The modules that the administrator included in the deployment package in step 1 become available for use.
After the endpoint profile provisions FortiClient, it connects to the FortiGuard server to check for updates for the configured features.
If configured, FortiClient also connects to the FortiGate. Once connected to the FortiGate, the endpoint is participating in the Security Fabric.
- The administrator manages the endpoint using EMS.
- If desired, the endpoint user can add a personal VPN configuration. See Configuring VPN connections.
- The endpoint user can use the installed modules in FortiClient. Depending on what modules were installed, one, more, or all of the following tabs are available:
- Fabric Telemetry
- Malware Protection
- Sandbox Detection
- Web Filter
- Application Firewall
- Vulnerability Scan
- Remote Access
FortiClient must maintain a Telemetry connection to EMS to maintain its licensed status. If FortiClient disconnects from EMS and does not reconnect within the given timeout, the endpoint loses its license and the endpoint user cannot use any FortiClient features until FortiClient reestablishes connection to EMS.
If FortiClient registers to EMS but later becomes offline (meaning it is still registered to but cannot reach EMS), all features function for 30 days. After 30 days, FortiClient becomes unregistered and all features are disabled.