System Settings
The majority of these configuration options are only available for Windows, macOS, and Linux profiles. Options available for Chromebook profiles, such as Upload Logs to FortiAnalyzer/FortiManager, are indicated as such in the table below.
Some options are only available when Advanced view is enabled.
Configuration |
Description |
|
---|---|---|
UI |
Specify how the FortiClient user interface appears when installed on endpoints. |
|
Turn on password lock for FortiClient. |
||
|
Password |
Enter a password. The endpoint user must enter this password to disconnect FortiClient from FortiClient EMS. |
Do Not Allow User to Back Up Configuration |
Disallow users from backing up the FortiClient configuration. |
|
Hide User Information |
Hide the User Details panel where the user can provide user details (avatar, name, phone number, email address), and link to a social media (LinkedIn, Google, Salesforce) account. |
|
Hide System Tray Icon |
Hide the FortiClient system tray icon. |
|
Show Host Tag on FortiClient GUI |
Show the applied host tag on the FortiClient GUI. See Compliance Verification. |
|
Language |
Configure the language that FortiClient uses. By default, FortiClient uses the system operating language. Select one of the following:
|
|
Log |
Specify FortiClient log settings. |
|
Level |
This option is available for Chromebook profiles. Generates logs equal to and more critical than the selected level. Select one of the following:
|
|
Features |
Select features to generate logs for:
|
|
Client-Based Logging When On-Net |
Include local log messages when FortiClient is on-net. For information about the on-net feature, see the FortiClient Administration Guide. |
|
Upload Logs to FortiAnalyzer/FortiManager |
This option and all nested options are available for Chromebook profiles. Configure endpoints to sends logs to the FortiAnalyzer or FortiManager at the specified address or hostname. If the Send Software Inventory option below is also enabled, FortiClient also sends software inventory information to FortiAnalyzer or FortiManager. |
|
|
Upload UTM Logs |
Upload unified threat management logs to FortiAnalyzer or FortiManager. |
|
Upload Vulnerability Logs |
Upload vulnerability logs to FortiAnalyzer or FortiManager. |
|
Upload Event Logs |
Upload event logs to FortiAnalyzer or FortiManager. |
|
Send Software Inventory |
Send software inventory to FortiAnalyzer or FortiManager. |
|
IP Address/Hostname |
Enter the FortiAnalyzer IP address or hostname/FQDN. With Chromebook profiles, use the format https://FAZ-IP:port/logging. If using a port other than the default, use <address>:<port>. |
|
SSL Enabled |
Enable SSL. |
|
Upload Schedule |
Configure the upload schedule in minutes. |
|
Log Generation Timeout |
Configure the log generation timeout in seconds. |
|
Log Retention |
Configure the duration of time to retain logs in days. |
Proxy |
|
|
Use Proxy for Updates |
Access FortiGuard using the configured proxy. |
|
|
Connect to FDN Directly If Proxy Is Offline |
Connect to FDN directly if proxy is offline. |
Use Proxy for Virus Submission |
Use the configured proxy to submit viruses to FortiGuard. |
|
|
Type |
Configure the type. Options include:
|
|
IP Address/Hostname |
Enter the proxy server's IP address/hostname. |
|
Port |
Enter the proxy server's port number. The port range is from 1 to 65535. |
|
Username |
If the proxy requires authentication, enter the username. Enter the encrypted or non-encrypted username. |
|
Password |
If the proxy requires authentication, enter the password. Enter the encrypted or non-encrypted username. Enable Show Password to show the password in plain text. |
Update |
Specify whether to use FortiManager or Micro-FortiGuard Server for FortiClient to update FortiClient on endpoints. |
|
Use FortiManager for Client Signature Update |
Enable FortiClient EMS to obtain AV signatures from the FortiManager or Micro-FortiGuard Server for FortiClient at the specified IP address or hostname. |
|
|
IP Address/Hostname |
Enter the FortiManager IP address/hostname. |
|
Port |
Enter the port number. |
|
Failover Port |
Enter the failover port. |
|
Timeout |
Enter the timeout interval. |
|
Failover to FDN When FortiManager Is Not Available |
Fail over to FDN when FortiManager or Micro-FortiGuard Server for FortiClient is not available. |
Software Update |
|
Automatically update FortiClient software on endpoints. If Use FortiManager for Client Signature Update is enabled, FortiClient checks if there is a newer FortiClient version available from FortiManager. If there is a newer FortiClient version available, the configured Update Action is executed. If Use FortiManager for Client Signature Update is disabled, FortiClient checks if there is a newer FortiClient version available from FDN, and if FDN allows the update. Currently, FDN does not allow automatic upgrade for FortiClient versions 6.2 and 6.0. |
|
Update Action |
Select the option to implement when new software updates are available:
|
Scheduled Updates |
|
Configure the schedule to check for new software updates and signatures. |
|
Schedule Type |
Select Interval or Daily for your schedule time. |
|
Update Every |
Configure the interval to check for new software updates and signatures. |
FortiGuard Server Location |
Configure the FortiGuard server location:
|
|
Server |
Configure FortiGuard server location:
|
|
FortiProxy |
Enable FortiProxy (disable only when troubleshooting). You must enable FortiProxy to use Web Filter and some AV options. |
|
HTTPS Proxy |
Enable HTTPS proxy. If disabled, FortiProxy no longer inspects HTTPS traffic. |
|
|
HTTP Timeout |
Enter the HTTP connection timeout interval in seconds. FortiProxy determines if the remote server is available based on this timeout value. Lower this timeout value if your client requires a faster fail response. |
POP3 Client Comforting |
Enable POP3 client comforting. Client comforting helps to prevent POP3 clients from complaining that the server has not responded in time. |
|
POP3 Server Comforting |
Enable POP3 server comforting. Server comforting helps to prevent POP3 servers from complaining that the client has not responded in time. This may be used in a situation where FortiClient is installed on a mail server. |
|
SMTP Client Comforting |
Enable SMTP client comforting. SMTP comforting helps to prevent SMTP clients from complaining that the server has not responded in time. |
|
Self Test |
FortiProxy can detect if other software is disrupting internal traffic between FortiProxy's internal modules. It does this by sending packets periodically to 1.1.1.1, which are intercepted by FortiClient and dropped (they never leave the computer). If the packets are not detected, then it is deemed highly likely that third party software is intercepting the packets, signaling that FortiProxy cannot perform regular traffic filtering. Enable self tests. FortiProxy periodically checks its own connectivity to determine if it is able to proxy other applications' traffic. |
|
|
Notify |
Display a bubble notification when self-testing detects that a third party program has blocked HTTP/HTTPS filtering and SMTP/POP3 AV scanning. |
|
Last Port |
Enter the last port number used. This is the highest port number you want to allow FortiProxy to listen on. Use to prevent FortiProxy from binding to another port that another service normally uses. The available port range is 65535 to 10000. |
Endpoint Control |
||
Show Bubble Notifications |
Show bubble notifications when FortiClient installs new policies on endpoints. |
|
Log off When User Logs Out of Windows |
Log off FortiClient when the endpoint user logs out of Windows. Turn off to remain logged in. |
|
Disable Unregister |
Forbid users from disconnecting FortiClient from FortiClient EMS. |
|
Disable FortiGate Switch |
Disable FortiGate switch. When the FortiGate switch is disabled, the following occurs:
|
|
Hide Compliance Enforcement Feature Message from Compliance Tab |
Hide the compliance enforcement feature message from the Compliance & Telemetry tab. This option is only enforced on FortiClients connected to FortiClient EMS. This option does not apply to monitored clients. This option only applies for endpoints running FortiClient versions earlier than 6.2.0. |
|
Hide Compliance Enforcement Feature Message from Compliance Tab |
Hide the compliance enforcement feature message from the Compliance & Telemetry tab. This option is only enforced on FortiClients connected to FortiClient EMS. This option does not apply to monitored clients. This option only applies for endpoints running FortiClient versions earlier than 6.2.0. |
|
On-Net Subnets |
Turn on to enable on-net subnets. For details on how FortiClient determines on-net/off-net status, see the FortiClient Administration Guide. This option only applies for endpoints running FortiClient 6.2.1 and earlier versions. For endpoints running FortiClient 6.2.2 and later versions, see On-net Detection Rules. |
|
|
IP Addresses/Subnet Masks |
Enter IP addresses/subnet mask to connect to on-net subnets. |
|
Enable gateway MAC address. |
|
|
MAC Addresses |
Enter MAC addresses. |
Send Software Inventory |
Send installed application information to FortiClient EMS. If the Upload Logs to FortiAnalyzer/FortiManager option is enabled, the endpoint also sends the software inventory information to FortiAnalyzer. See Software Inventory. |
|
Other |
|
|
Install CA Certificate on Client |
Turn on to select and install a CA certificate on the FortiClient endpoint. You can add certificates by going to Policy Components > Manage CA Certificates. |
|
FortiClient Single Sign-On Mobility Agent |
Enable Single Sign-On Mobility Agent for FortiAuthenticator. To use this feature you need to apply a FortiClient SSO mobility agent license to your FortiAuthenticator. |
|
|
IP Address/Hostname |
Enter the FortiAuthenticator IP address or hostname. |
|
Port |
Enter the port number. |
|
Pre-Shared Key |
Enter the preshared key. The preshared key should match the key configured on your FortiAuthenticator. |
iOS |
|
|
Distribute Configuration Profile |
Enable and browse for your |
|
Privacy |
|
|
Send Usage Statistics to Fortinet
|
Submit virus information to FDS. This information is used to improve Fortinet's product quality and user experience. |