Fortinet black logo

Administration Guide

FortiClient setup types and modules

FortiClient setup types and modules

When the administrator creates a FortiClient deployment package in EMS, they choose which setup type and modules to install:

  • Security Fabric Agent
  • Secure Access Architecture Components
  • Advanced Persistent Threat (APT) Components
  • Additional Security Features

The following table summarizes the impact of the options:

Setup type

Description

Impact on FortiClient

Security Fabric Agent

Enabled by default and installs components to support the Security Fabric available with FortiGate, including FortiClient Telemetry, vulnerability scanning, and vulnerability remediation.

Displays the following tabs:

  • Fabric Telemetry
  • Vulnerability Scan

Secure Access Architecture Components

Optional. Supports SSL and IPsec VPN access.

Displays the Remote Access tab.

Advanced Persistent Threat (APT) Components

Optional. Supports FortiSandbox and quarantine features.

Enables the Sandbox Detection tab to connect to FortiSandbox.

Additional Security Features

Optional. Supports AntiVirus, Web Filtering, Application Firewall, SSO mobility agent, and cloud-based malware outbreak detection. The administrator may select one, more, or all security features.

Displays the following tabs when all security features are selected:

  • Malware Protection
  • Web Filter
  • Application Firewall

When Single Sign On is selected, FortiClient supports the SSO feature.

When a security feature is not selected, the tab is hidden from view in FortiClient.

The administrator can use an EMS profile to disable installed components in FortiClient but cannot use an EMS profile to enable uninstalled components in FortiClient. See EMS and endpoint profiles.

For example, if the administrator creates the EMS installer with APT components selected, the Sandbox Detection tab is enabled in FortiClient. The administrator can use an EMS profile to disable Sandbox Detection. However, if the installer did not include APT components, the Sandbox Detection tab is disabled in FortiClient and the administrator cannot use an EMS profile to enable Sandbox Detection.

FortiClient setup types and modules

When the administrator creates a FortiClient deployment package in EMS, they choose which setup type and modules to install:

  • Security Fabric Agent
  • Secure Access Architecture Components
  • Advanced Persistent Threat (APT) Components
  • Additional Security Features

The following table summarizes the impact of the options:

Setup type

Description

Impact on FortiClient

Security Fabric Agent

Enabled by default and installs components to support the Security Fabric available with FortiGate, including FortiClient Telemetry, vulnerability scanning, and vulnerability remediation.

Displays the following tabs:

  • Fabric Telemetry
  • Vulnerability Scan

Secure Access Architecture Components

Optional. Supports SSL and IPsec VPN access.

Displays the Remote Access tab.

Advanced Persistent Threat (APT) Components

Optional. Supports FortiSandbox and quarantine features.

Enables the Sandbox Detection tab to connect to FortiSandbox.

Additional Security Features

Optional. Supports AntiVirus, Web Filtering, Application Firewall, SSO mobility agent, and cloud-based malware outbreak detection. The administrator may select one, more, or all security features.

Displays the following tabs when all security features are selected:

  • Malware Protection
  • Web Filter
  • Application Firewall

When Single Sign On is selected, FortiClient supports the SSO feature.

When a security feature is not selected, the tab is hidden from view in FortiClient.

The administrator can use an EMS profile to disable installed components in FortiClient but cannot use an EMS profile to enable uninstalled components in FortiClient. See EMS and endpoint profiles.

For example, if the administrator creates the EMS installer with APT components selected, the Sandbox Detection tab is enabled in FortiClient. The administrator can use an EMS profile to disable Sandbox Detection. However, if the installer did not include APT components, the Sandbox Detection tab is disabled in FortiClient and the administrator cannot use an EMS profile to enable Sandbox Detection.