Fortinet black logo

EMS Administration Guide

Creating a profile to deploy FortiClient

Creating a profile to deploy FortiClient

You must create a new profile to deploy FortiClient to endpoints. You cannot add a FortiClient deployment package to the default profile.

You must add FortiClient deployment packages to FortiClient EMS before you can select the deployment packages in a profile. See Adding a FortiClient deployment package.

The selected FortiClient deployment package in a profile controls what tabs display for configuration in the profile. Only the tabs for the features in the selected deployment package display for configuration in the profile. For example, if the deployment package includes only the VPN feature, only the VPN tab displays for you to configure. The System Settings tab always displays.

You can disable a feature included in the deployment package, then enable the feature in the profile later. For example, if the deployment package includes the Web Filter and VPN features, you can disable the Web Filter feature and keep the VPN feature enabled. When FortiClient is installed on the endpoint, the Web Filter is installed, but disabled.

To create a profile to deploy FortiClient:
  1. Go to Endpoint Profiles > Manage Profile, and click the Add button.
  2. On the Deployment tab, enable FortiClient Deployment. The FortiClient deployment options display.
  3. Set the following options on the Deployment tab:

    Action

    Action

    Click Install.

    Deployment Package

    In the Deployment Package list, select the desired FortiClient deployment package. If you have not added a FortiClient deployment package to FortiClient EMS, see Adding a FortiClient deployment package.

    The selected FortiClient deployment package affects what tabs display for configuration. Only tabs related to features enabled in the FortiClient deployment package display for configuration.

    Schedule

    Start At

    Specify what time to start installing FortiClient on endpoints.

    Reboot When Needed

    Reboot the endpoint to install FortiClient when needed.

    Reboot when no users are logged in

    Allow the endpoint to reboot without prompt if no endpoint user is logged into FortiClient.

    Notify users and let the user decide when to reboot when they are logged in

    Notify the end user if a reboot of the endpoint is needed and allow the user to decide what time to reboot the endpoint. Disable to reboot the endpoint without notifying the user.

    Credentials

    Username

    Enter the username to perform deployment on AD. You must enter the admin credentials for the AD in the profile. Enter the appropriate credentials in the profile to assign to the AD. The credentials allow FortiClient EMS to install FortiClient on endpoints using AD. If the credentials are wrong, the installation fails, and an error displays in FortiClient EMS.

    Password

    Enter the password to perform deployment on AD.

  4. Set the options on the remaining tabs.
  5. Click Save.

Creating a profile to deploy FortiClient

You must create a new profile to deploy FortiClient to endpoints. You cannot add a FortiClient deployment package to the default profile.

You must add FortiClient deployment packages to FortiClient EMS before you can select the deployment packages in a profile. See Adding a FortiClient deployment package.

The selected FortiClient deployment package in a profile controls what tabs display for configuration in the profile. Only the tabs for the features in the selected deployment package display for configuration in the profile. For example, if the deployment package includes only the VPN feature, only the VPN tab displays for you to configure. The System Settings tab always displays.

You can disable a feature included in the deployment package, then enable the feature in the profile later. For example, if the deployment package includes the Web Filter and VPN features, you can disable the Web Filter feature and keep the VPN feature enabled. When FortiClient is installed on the endpoint, the Web Filter is installed, but disabled.

To create a profile to deploy FortiClient:
  1. Go to Endpoint Profiles > Manage Profile, and click the Add button.
  2. On the Deployment tab, enable FortiClient Deployment. The FortiClient deployment options display.
  3. Set the following options on the Deployment tab:

    Action

    Action

    Click Install.

    Deployment Package

    In the Deployment Package list, select the desired FortiClient deployment package. If you have not added a FortiClient deployment package to FortiClient EMS, see Adding a FortiClient deployment package.

    The selected FortiClient deployment package affects what tabs display for configuration. Only tabs related to features enabled in the FortiClient deployment package display for configuration.

    Schedule

    Start At

    Specify what time to start installing FortiClient on endpoints.

    Reboot When Needed

    Reboot the endpoint to install FortiClient when needed.

    Reboot when no users are logged in

    Allow the endpoint to reboot without prompt if no endpoint user is logged into FortiClient.

    Notify users and let the user decide when to reboot when they are logged in

    Notify the end user if a reboot of the endpoint is needed and allow the user to decide what time to reboot the endpoint. Disable to reboot the endpoint without notifying the user.

    Credentials

    Username

    Enter the username to perform deployment on AD. You must enter the admin credentials for the AD in the profile. Enter the appropriate credentials in the profile to assign to the AD. The credentials allow FortiClient EMS to install FortiClient on endpoints using AD. If the credentials are wrong, the installation fails, and an error displays in FortiClient EMS.

    Password

    Enter the password to perform deployment on AD.

  4. Set the options on the remaining tabs.
  5. Click Save.