Fortinet black logo

EMS QuickStart Guide

Windows, macOS, and Linux endpoint management setup

Windows, macOS, and Linux endpoint management setup

This section describes how to set up FortiClient EMS for Windows, macOS, and Linux endpoint management. It provides an overview of using FortiClient EMS and FortiClient EMS integrated with FortiGate.

When FortiClient EMS is integrated with FortiGate, you can use Telemetry gateway lists to help FortiClient endpoints connect to FortiClient EMS and FortiGate.

FortiClient EMS

Following is a summary of how to use FortiClient EMS without FortiGate:

  1. Configure user accounts. See Configuring user accounts.
  2. Add domains and/or discover local endpoints. See Adding endpoints
  3. Add a FortiClient deployment package to EMS. See Adding a FortiClient deployment package.
  4. Create an endpoint profile and select a FortiClient deployment package. See Creating a profile to deploy FortiClient.

    FortiClient EMS can deploy FortiClient (Windows) to AD endpoints that do not have FortiClient installed, as well as upgrade existing FortiClient installations if the endpoints are already connected to the EMS server. To allow initial deployment, EMS must be able to resolve the endpoint IP address via the DNS configured on the server.

    You can use with workgroups only to upgrade FortiClient (Windows) on endpoints after they connect Telemetry. When using workgroups, you must separately install FortiClient (Windows) on endpoints.

    note icon

    You can use FortiClient EMS to replace, upgrade, and uninstall FortiClient (macOS) after they connect Telemetry to EMS and FortiClient connects to FortiClient EMS. You cannot use FortiClient EMS to initially deploy FortiClient (macOS) and must separately install it on endpoints. See the FortiClient EMS Administration Guide.

  5. Prepare Windows endpoints for FortiClient deployment. See Preparing Windows endpoints for FortiClient deployment.

    You must also prepare the Windows AD server for deployment. See the FortiClient EMS Administration Guide.

  6. Create an endpoint policy configured with the desired endpoint profile. Configure the endpoint policy for the desired workgroup, domain, endpoint group, or organizational group. See Adding an endpoint policy.

    Depending on the selected profile's configuration, FortiClient is installed on the endpoints to which the profile is applied.

    After FortiClient installation, the endpoint connects FortiClient Telemetry to FortiClient EMS to receive the profile configuration and complete endpoint management setup.

  7. View the endpoint status. See Viewing endpoints.

FortiClient EMS integrated with FortiGate

Following is a summary of how to use FortiClient EMS when integrated with FortiGate:

  1. Configure user accounts. See Configuring user accounts.
  2. Add domains and/or discover local endpoints. See Adding endpoints
  3. Create Telemetry gateway lists. See Creating a Telemetry gateway list.
  4. Add a FortiClient deployment package to EMS. See Adding a FortiClient deployment package.
  5. Create an endpoint profile and select a FortiClient deployment package. See Creating a profile to deploy FortiClient.

    FortiClient EMS can deploy FortiClient (Windows) to AD endpoints that do not have FortiClient installed, as well as upgrade existing FortiClient installations if the endpoints are already connected to the EMS server. To allow initial deployment, EMS must be able to resolve the endpoint IP address via the DNS configured on the server.

    You can use with workgroups only to upgrade FortiClient (Windows) on endpoints after they connect Telemetry to EMS. When using workgroups, you must separately install FortiClient (Windows) on endpoints.

    note icon

    You can use FortiClient EMS to replace, upgrade, and uninstall FortiClient (macOS) after they connect Telemetry to EMS and FortiClient connects to FortiClient EMS. You cannot use FortiClient EMS to initially deploy FortiClient (macOS) and must separately install it on endpoints. See the FortiClient EMS Administration Guide.

  6. Prepare Windows endpoints for FortiClient deployment. See Preparing Windows endpoints for FortiClient deployment.

    You must also prepare the Windows AD server for deployment. See the FortiClient EMS Administration Guide.

  7. Create an endpoint policy configured with the desired endpoint profile and Telemetry gateway list. Configure the endpoint policy for the desired workgroup, domain, endpoint group, or organizational group. See Adding an endpoint policy.

    Depending on the selected profile's configuration, FortiClient is installed on the endpoints to which the profile is applied.

    After FortiClient installation, the endpoint connects FortiClient Telemetry to FortiClient EMS to receive the profile configuration and complete endpoint management setup.

  8. View the endpoint status. See Viewing endpoints.

Windows, macOS, and Linux endpoint management setup

This section describes how to set up FortiClient EMS for Windows, macOS, and Linux endpoint management. It provides an overview of using FortiClient EMS and FortiClient EMS integrated with FortiGate.

When FortiClient EMS is integrated with FortiGate, you can use Telemetry gateway lists to help FortiClient endpoints connect to FortiClient EMS and FortiGate.

FortiClient EMS

Following is a summary of how to use FortiClient EMS without FortiGate:

  1. Configure user accounts. See Configuring user accounts.
  2. Add domains and/or discover local endpoints. See Adding endpoints
  3. Add a FortiClient deployment package to EMS. See Adding a FortiClient deployment package.
  4. Create an endpoint profile and select a FortiClient deployment package. See Creating a profile to deploy FortiClient.

    FortiClient EMS can deploy FortiClient (Windows) to AD endpoints that do not have FortiClient installed, as well as upgrade existing FortiClient installations if the endpoints are already connected to the EMS server. To allow initial deployment, EMS must be able to resolve the endpoint IP address via the DNS configured on the server.

    You can use with workgroups only to upgrade FortiClient (Windows) on endpoints after they connect Telemetry. When using workgroups, you must separately install FortiClient (Windows) on endpoints.

    note icon

    You can use FortiClient EMS to replace, upgrade, and uninstall FortiClient (macOS) after they connect Telemetry to EMS and FortiClient connects to FortiClient EMS. You cannot use FortiClient EMS to initially deploy FortiClient (macOS) and must separately install it on endpoints. See the FortiClient EMS Administration Guide.

  5. Prepare Windows endpoints for FortiClient deployment. See Preparing Windows endpoints for FortiClient deployment.

    You must also prepare the Windows AD server for deployment. See the FortiClient EMS Administration Guide.

  6. Create an endpoint policy configured with the desired endpoint profile. Configure the endpoint policy for the desired workgroup, domain, endpoint group, or organizational group. See Adding an endpoint policy.

    Depending on the selected profile's configuration, FortiClient is installed on the endpoints to which the profile is applied.

    After FortiClient installation, the endpoint connects FortiClient Telemetry to FortiClient EMS to receive the profile configuration and complete endpoint management setup.

  7. View the endpoint status. See Viewing endpoints.

FortiClient EMS integrated with FortiGate

Following is a summary of how to use FortiClient EMS when integrated with FortiGate:

  1. Configure user accounts. See Configuring user accounts.
  2. Add domains and/or discover local endpoints. See Adding endpoints
  3. Create Telemetry gateway lists. See Creating a Telemetry gateway list.
  4. Add a FortiClient deployment package to EMS. See Adding a FortiClient deployment package.
  5. Create an endpoint profile and select a FortiClient deployment package. See Creating a profile to deploy FortiClient.

    FortiClient EMS can deploy FortiClient (Windows) to AD endpoints that do not have FortiClient installed, as well as upgrade existing FortiClient installations if the endpoints are already connected to the EMS server. To allow initial deployment, EMS must be able to resolve the endpoint IP address via the DNS configured on the server.

    You can use with workgroups only to upgrade FortiClient (Windows) on endpoints after they connect Telemetry to EMS. When using workgroups, you must separately install FortiClient (Windows) on endpoints.

    note icon

    You can use FortiClient EMS to replace, upgrade, and uninstall FortiClient (macOS) after they connect Telemetry to EMS and FortiClient connects to FortiClient EMS. You cannot use FortiClient EMS to initially deploy FortiClient (macOS) and must separately install it on endpoints. See the FortiClient EMS Administration Guide.

  6. Prepare Windows endpoints for FortiClient deployment. See Preparing Windows endpoints for FortiClient deployment.

    You must also prepare the Windows AD server for deployment. See the FortiClient EMS Administration Guide.

  7. Create an endpoint policy configured with the desired endpoint profile and Telemetry gateway list. Configure the endpoint policy for the desired workgroup, domain, endpoint group, or organizational group. See Adding an endpoint policy.

    Depending on the selected profile's configuration, FortiClient is installed on the endpoints to which the profile is applied.

    After FortiClient installation, the endpoint connects FortiClient Telemetry to FortiClient EMS to receive the profile configuration and complete endpoint management setup.

  8. View the endpoint status. See Viewing endpoints.