Fortinet Document Library
Version:
7.0.2
7.0.1
7.0.0
Version:
6.4.4
6.4.3
6.4.2
Version:
6.4.1
6.4.0
6.2.9
Version:
6.2.8
6.2.7
6.2.6
Version:
6.2.4
6.2.3
6.2.2
Version:
6.2.1
6.2.0
6.0.8
Version:
6.0.6
6.0.5
6.0.4
Version:
6.0.3
6.0.2
6.0.1
Version:
6.0.0
1.2.5
1.2.4
Version:
1.2.3
1.2.2
1.2.1
Version:
1.2.0
1.0.5
1.0.4
Version:
1.0.3
1.0.2
1.0.1
Version:
1.0.0
Table of Contents
Introduction
FortiClient EMS components
Documentation
Getting started
Getting started with managing Windows, macOS, and Linux endpoints
Deploying FortiClient software to endpoints
Pushing configuration information to FortiClient
Relationship between FortiClient EMS, FortiGate, and FortiClient
Standalone FortiClient EMS
FortiClient EMS integrated with FortiGate
Quarantining an endpoint from FortiOS using EMS
Getting started with managing Chromebooks
Configuring FortiClient EMS for Chromebooks
Configuring the Google Admin console
Deploying profiles to Chromebooks
How FortiClient EMS and FortiClient work with Chromebooks
Installation preparation
System requirements
License types
FortiClient EMS
Component applications
Required services and ports
Management capacity
FortiClient Telemetry security features
Server readiness checklist for installation
Upgrading from an earlier FortiClient EMS version
Install preparation for managing Chromebooks
Installation and licensing
Downloading the installation file
Installing FortiClient EMS
Installing FortiClient EMS using the CLI
Allowing remote access to FortiClient EMS and using custom port numbers
Customizing the SQL Server Express install directory
Installing FortiClient EMS to specify SQL Server Enterprise or Standard instance
Starting FortiClient EMS and logging in
Accessing FortiClient EMS remotely
Licensing FortiClient EMS
Licensing EMS by logging in to FortiCloud
Uploading a license file
License status
Help with licensing
Specifying different ports
Upgrading Microsoft SQL Server Express to Microsoft SQL Server Standard or Enterprise
Uninstalling FortiClient EMS
Chromebook-only setup
Google Admin Console setup
Logging into the Google Admin console
Adding the FortiClient Web Filter extension
Configuring the FortiClient Web Filter extension
Adding root certificates
Communication with the FortiClient Chromebook Web Filter extension
Communication with FortiAnalyzer for logging
Summary of where to add certificates
Uploading root certificates to the Google Admin console
Disabling access to Chrome developer tools
Disallowing incognito mode
Disabling guest mode
Blocking the Chrome task manager
Verifying the FortiClient Web Filter extension
Service account credentials
Configuring default service account credentials
Configuring unique service account credentials
Creating unique service account credentials
Adding service account credentials to the Google Admin console
Adding service account credentials to EMS
GUI
Banner
Left pane
Content pane
Dashboard
Viewing the FortiClient Status
System Information widget
License Information widget
FortiClient Status charts and widgets
Viewing the Vulnerability Scan dashboard
Viewing current vulnerabilities
Viewing the Endpoint Scan Status
Viewing the top 10 vulnerable endpoints with high risk vulnerabilities
Viewing top ten vulnerabilities on endpoints
Viewing Chromebook Status
Endpoint management
Windows, macOS, and Linux endpoints
Managing groups
Adding endpoints
Viewing endpoints
Viewing the Endpoints pane
Using the quick status bar
Viewing endpoint details
Filtering the list of endpoints
Using bookmarks to filter the list of endpoints
Viewing Sandbox event details
Managing endpoints
Running AV scans on endpoints
Running vulnerability scans on endpoints
Patching vulnerabilities on endpoints
Uploading FortiClient logs
Running the FortiClient diagnostic tool
Updating signatures
Reregistering endpoints
Disconnecting and connecting endpoints
Quarantining an endpoint
Quarantining an endpoint from FortiOS using EMS
Excluding endpoints from management
Deleting endpoints
Provisioning FortiClient (Android) endpoints for central management
Google Domains
Adding a Google domain
Viewing domains
Viewing the Google Users pane
Viewing user details
Editing a domain
Deleting a domain
Group assignment rules
Group assignment rule types
Managing group assignment rule priority levels
Adding a group assignment rule
Enabling/disabling a group assignment rule
Deleting a group assignment rule
Quarantine Management
Files
Viewing quarantined files
Allowlisting quarantined files
Configuring quarantine management
Whitelist
Viewing allowlisted files
Editing file descriptions
Deleting a file from the allowlist
Software Inventory
Applications
Hosts
Endpoint Policy
Adding an endpoint policy
Editing an endpoint policy
Deleting an endpoint policy
Enabling/disabling an endpoint policy
Managing endpoint policy priority levels
Chromebook Policy
Endpoint Profiles
Configuring profiles
Editing a default profile
Configuring profiles for Windows, macOS, and Linux endpoints
Creating a profile to configure FortiClient
Creating a profile to deploy FortiClient
Creating a profile to uninstall FortiClient
Importing FortiGate Web Filter profiles
Importing Web Filter profiles from FortiManager
Creating a profile with XML
Creating a profile to automatically upgrade FortiClient
Configuring profiles for Chromebooks
Adding a new profile
Enabling and disabling Safe Search
Viewing profiles
Managing profiles
Editing a profile
Cloning a profile
Syncing profile changes
Editing sync schedules
Deleting profiles
Profile references
Profile Name
Malware Protection
Sandbox Detection
Web Filter
Application Firewall
VPN
Vulnerability Scan
System Settings
XML Configuration
Managing installers
Deployment Packages
Adding a FortiClient deployment package
Viewing deployment packages
Deleting a FortiClient deployment package
FortiClient installers
Adding a custom FortiClient installer
Viewing installers
Policy Components
CA Certificates
On-net Detection Rules
Telemetry Gateway Lists
Creating a Telemetry gateway list
Exporting a Telemetry gateway list to XML
Viewing Telemetry gateway lists
Viewing assigned Telemetry gateway lists
Compliance Verification
Compliance Verification Rules
Adding a compliance verification rule set
Editing a compliance verification rule set
Deleting a compliance verification rule
Managing tags
Compliance verification rule types
Host Tag Monitor
Configuring FortiOS dynamic policies using EMS dynamic endpoint groups
Fabric Device Monitor
Deployment
Preparing the AD server for deployment
Configuring a group policy on the AD server
Configuring required Windows services
Creating deployment rules for Windows firewall
Configuring Windows firewall domain profile settings
Preparing Windows endpoints for FortiClient deployment
Deploying FortiClient on endpoints
Deploying initial installations of FortiClient (macOS)
Deploying FortiClient upgrades from FortiClient EMS
Administration
Administrators
Viewing users
Configuring Windows and LDAP user accounts
Creating new user accounts
Activating a disabled account
Admin roles
Adding an admin role
Cloning an admin role
Deleting admin roles
Admin role permissions reference
User Servers
Adding a user server
Editing a user server
Deleting a user server
Viewing user servers
Configuring User Settings
Database management
Licenses
Logs
System Settings
Configuring Server settings
Adding an SSL certificate to FortiClient EMS for Chromebook endpoints
Configuring Logs settings
Configuring Fortinet Services settings
Configuring Endpoints settings
Configuring the login banner
SAML SSO
Alerts
Configuring EMS Alerts
Configuring Endpoints Alerts
Configuring SMTP Server settings
Viewing alerts
Custom Messages
Customizing the endpoint quarantine message
Customizing Web Filter messages
Creating a support package
Home
FortiClient 6.2.3
EMS Administration Guide
EMS Administration Guide
Introduction
FortiClient EMS components
Documentation
Getting started
Getting started with managing Windows, macOS, and Linux endpoints
Deploying FortiClient software to endpoints
Pushing configuration information to FortiClient
Relationship between FortiClient EMS, FortiGate, and FortiClient
Standalone FortiClient EMS
FortiClient EMS integrated with FortiGate
Quarantining an endpoint from FortiOS using EMS
Getting started with managing Chromebooks
Configuring FortiClient EMS for Chromebooks
Configuring the Google Admin console
Deploying profiles to Chromebooks
How FortiClient EMS and FortiClient work with Chromebooks
Installation preparation
System requirements
License types
FortiClient EMS
Component applications
Required services and ports
Management capacity
FortiClient Telemetry security features
Server readiness checklist for installation
Upgrading from an earlier FortiClient EMS version
Install preparation for managing Chromebooks
Installation and licensing
Downloading the installation file
Installing FortiClient EMS
Installing FortiClient EMS using the CLI
Allowing remote access to FortiClient EMS and using custom port numbers
Customizing the SQL Server Express install directory
Installing FortiClient EMS to specify SQL Server Enterprise or Standard instance
Starting FortiClient EMS and logging in
Accessing FortiClient EMS remotely
Licensing FortiClient EMS
Licensing EMS by logging in to FortiCloud
Uploading a license file
License status
Help with licensing
Specifying different ports
Upgrading Microsoft SQL Server Express to Microsoft SQL Server Standard or Enterprise
Uninstalling FortiClient EMS
Chromebook-only setup
Google Admin Console setup
Logging into the Google Admin console
Adding the FortiClient Web Filter extension
Configuring the FortiClient Web Filter extension
Adding root certificates
Communication with the FortiClient Chromebook Web Filter extension
Communication with FortiAnalyzer for logging
Summary of where to add certificates
Uploading root certificates to the Google Admin console
Disabling access to Chrome developer tools
Disallowing incognito mode
Disabling guest mode
Blocking the Chrome task manager
Verifying the FortiClient Web Filter extension
Service account credentials
Configuring default service account credentials
Configuring unique service account credentials
Creating unique service account credentials
Adding service account credentials to the Google Admin console
Adding service account credentials to EMS
GUI
Banner
Left pane
Content pane
Dashboard
Viewing the FortiClient Status
System Information widget
License Information widget
FortiClient Status charts and widgets
Viewing the Vulnerability Scan dashboard
Viewing current vulnerabilities
Viewing the Endpoint Scan Status
Viewing the top 10 vulnerable endpoints with high risk vulnerabilities
Viewing top ten vulnerabilities on endpoints
Viewing Chromebook Status
Endpoint management
Windows, macOS, and Linux endpoints
Managing groups
Adding endpoints
Viewing endpoints
Viewing the Endpoints pane
Using the quick status bar
Viewing endpoint details
Filtering the list of endpoints
Using bookmarks to filter the list of endpoints
Viewing Sandbox event details
Managing endpoints
Running AV scans on endpoints
Running vulnerability scans on endpoints
Patching vulnerabilities on endpoints
Uploading FortiClient logs
Running the FortiClient diagnostic tool
Updating signatures
Reregistering endpoints
Disconnecting and connecting endpoints
Quarantining an endpoint
Quarantining an endpoint from FortiOS using EMS
Excluding endpoints from management
Deleting endpoints
Provisioning FortiClient (Android) endpoints for central management
Google Domains
Adding a Google domain
Viewing domains
Viewing the Google Users pane
Viewing user details
Editing a domain
Deleting a domain
Group assignment rules
Group assignment rule types
Managing group assignment rule priority levels
Adding a group assignment rule
Enabling/disabling a group assignment rule
Deleting a group assignment rule
Quarantine Management
Files
Viewing quarantined files
Allowlisting quarantined files
Configuring quarantine management
Whitelist
Viewing allowlisted files
Editing file descriptions
Deleting a file from the allowlist
Software Inventory
Applications
Hosts
Endpoint Policy
Adding an endpoint policy
Editing an endpoint policy
Deleting an endpoint policy
Enabling/disabling an endpoint policy
Managing endpoint policy priority levels
Chromebook Policy
Endpoint Profiles
Configuring profiles
Editing a default profile
Configuring profiles for Windows, macOS, and Linux endpoints
Creating a profile to configure FortiClient
Creating a profile to deploy FortiClient
Creating a profile to uninstall FortiClient
Importing FortiGate Web Filter profiles
Importing Web Filter profiles from FortiManager
Creating a profile with XML
Creating a profile to automatically upgrade FortiClient
Configuring profiles for Chromebooks
Adding a new profile
Enabling and disabling Safe Search
Viewing profiles
Managing profiles
Editing a profile
Cloning a profile
Syncing profile changes
Editing sync schedules
Deleting profiles
Profile references
Profile Name
Malware Protection
Sandbox Detection
Web Filter
Application Firewall
VPN
Vulnerability Scan
System Settings
XML Configuration
Managing installers
Deployment Packages
Adding a FortiClient deployment package
Viewing deployment packages
Deleting a FortiClient deployment package
FortiClient installers
Adding a custom FortiClient installer
Viewing installers
Policy Components
CA Certificates
On-net Detection Rules
Telemetry Gateway Lists
Creating a Telemetry gateway list
Exporting a Telemetry gateway list to XML
Viewing Telemetry gateway lists
Viewing assigned Telemetry gateway lists
Compliance Verification
Compliance Verification Rules
Adding a compliance verification rule set
Editing a compliance verification rule set
Deleting a compliance verification rule
Managing tags
Compliance verification rule types
Host Tag Monitor
Configuring FortiOS dynamic policies using EMS dynamic endpoint groups
Fabric Device Monitor
Deployment
Preparing the AD server for deployment
Configuring a group policy on the AD server
Configuring required Windows services
Creating deployment rules for Windows firewall
Configuring Windows firewall domain profile settings
Preparing Windows endpoints for FortiClient deployment
Deploying FortiClient on endpoints
Deploying initial installations of FortiClient (macOS)
Deploying FortiClient upgrades from FortiClient EMS
Administration
Administrators
Viewing users
Configuring Windows and LDAP user accounts
Creating new user accounts
Activating a disabled account
Admin roles
Adding an admin role
Cloning an admin role
Deleting admin roles
Admin role permissions reference
User Servers
Adding a user server
Editing a user server
Deleting a user server
Viewing user servers
Configuring User Settings
Database management
Licenses
Logs
System Settings
Configuring Server settings
Adding an SSL certificate to FortiClient EMS for Chromebook endpoints
Configuring Logs settings
Configuring Fortinet Services settings
Configuring Endpoints settings
Configuring the login banner
SAML SSO
Alerts
Configuring EMS Alerts
Configuring Endpoints Alerts
Configuring SMTP Server settings
Viewing alerts
Custom Messages
Customizing the endpoint quarantine message
Customizing Web Filter messages
Creating a support package
6.2.3
7.0.2
7.0.1
7.0.0
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.9
6.2.8
6.2.7
6.2.6
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.8
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
1.2.5
1.2.4
1.2.3
1.2.2
1.2.1
1.2.0
1.0.5
1.0.4
1.0.3
1.0.2
1.0.1
1.0.0
Download PDF
Copy Link
Policy Components
You can manage CA certificates and on-net detection rules under
Policy Components
.
Policy Components
Policy Components
You can manage CA certificates and on-net detection rules under
Policy Components
.
Link
PDF
TOC
