Adding a FortiClient deployment package
To add a deployment package:
- Go to Manage Installers > Deployment Packages.
- Click Add.
- On the Version tab, set the following options:
Use an official FortiClient installer or a custom FortiClient installer. See the FortiClient EMS Administration Guide for details on uploading a custom installer.
Select the FortiClient release version to install.
Select the specific FortiClient patch version to install.
Keep updated to the latest patch
Select to enable FortiClient to automatically update to the latest patch release when FortiClient is installed on an endpoint.
Select the desired custom FortiClient installer.
- Click Next. On the General tab, set the following options:
Enter the FortiClient deployment package's name.
Expiry Date Enter this deployment package's expiry date. After this date, users cannot use this deployment package to install FortiClient.
(Optional) Enter any notes about the FortiClient deployment package.
- Click Next. On the Features tab, set the following options:
Security Fabric Agent
Enabled by default and cannot be disabled. Installs FortiClient with Telemetry enabled.
Secure Access Architecture Components
Install FortiClient with SSL and IPsec VPN enabled. Disable to omit SSL and IPsec VPN support from the FortiClient deployment package.
Advanced Persistent Threat (APT) Components
Install FortiClient with APT components enabled. Disable to omit APT components from the FortiClient deployment package. Includes FortiSandbox detection and quarantine features.
Additional Security Features
Enable any of the following features:
- Web Filtering
- Application Firewall
- Single Sign-On (SSO) mobility agent
Disable to exclude features from the FortiClient deployment package.
FortiClient Cloud does not support all the features that an on-premise EMS supports. See Limitations of FortiClient Cloud.
- Click Next. On the Advanced tab, set the following options:
Enable automatic registration
Configure FortiClient to automatically connect Telemetry to FortiClient after FortiClient installs on the endpoint. Disable to turn off this feature and require endpoint users to manually connect Telemetry to FortiClient.
Enable desktop shortcut
Configure the FortiClient deployment package to create a desktop shortcut on the endpoint.
Enable start menu shortcut
Configure the FortiClient deployment package to create a Start menu shortcut on the endpoint.
Enable Installer ID
Configure an installer ID. Select an existing installer ID or enter a new installer ID. If creating an installer ID, select a group path or create a new group in the Group Path field. FortiClient automatically groups endpoints according to installer ID group assignment rules.
Enable Endpoint Profile
Select an endpoint profile to include in the installer. EMS applies the profile to the endpoint once it has installed FortiClient. This option is necessary if it is required to have certain security features enabled prior to contact with EMS, or if users require VPN connection to connect to EMS.
- Click Next. The Telemetry tab displays the hostname and IP address of the FortiClient server, which will manage FortiClient once it is installed on the endpoint. Also configure the following option:
Enable telemetry connection to Security Fabric (FortiGate)
Enable this option, and select the name of the gateway list to use. The gateway list defines the IP address for the FortiGate.
If you have not created a gateway list, this option is not available. See FortiClient EMS Administration Guide for details on configuring a gateway list.
- Click Finish. The FortiClient deployment package is added to FortiClient and displays on the Manage Installers > Deployment Packages pane. The deployment package may include .exe (32-bit and 64-bit), .msi, and .dmg files depending on the configuration.