Installing FortiClient EMS creates a default profile. EMS applies this profile to any groups that you create. The default profile is designed to provide effective levels of protection. To use specific features, such as application firewall, create a new profile or change the default profile.
Consider the following when creating profiles:
- Use default settings within a profile.
- Consider the endpoint's role when changing the default profile or creating new profiles.
- Create a separate group and profile for endpoints requiring long-term special configuration.
- Use FortiClient EMS for all central profile settings, and set options for within the group instead of for the endpoint itself when possible.
You must create a new profile to deploy FortiClient to endpoints. You cannot add a FortiClient deployment package to the default profile.
You must add FortiClient deployment packages to FortiClient EMS before you can select the deployment packages in a profile. See Adding a FortiClient deployment package.
The selected FortiClient deployment package in a profile controls what tabs display for configuration in the profile. Only the tabs for the features in the selected deployment package display for configuration in the profile. For example, if the deployment package includes only the VPN feature, only the VPN tab displays for you to configure. The System Settings tab always displays.
You can disable a feature included in the deployment package, then enable the feature in the profile later. For example, if the deployment package includes the Web Filter and VPN features, you can disable the Web Filter feature and keep the VPN feature enabled. When FortiClient is installed on the endpoint, the Web Filter is installed, but disabled.
- Go to Endpoint Profiles > Manage Profile, and click the Add button.
- On the Deployment tab, enable FortiClient Deployment. The FortiClient deployment options display.
- Set the following options on the Deployment tab:
In the Deployment Package list, select the desired FortiClient deployment package.
The selected FortiClient deployment package affects what tabs display for configuration. Only tabs related to features enabled in the FortiClient deployment package display for configuration.
Specify what time to start installing FortiClient on endpoints.
Reboot When Needed
Reboot the endpoint to install FortiClient when needed.
Reboot when no users are logged in
Allow the endpoint to reboot without prompt if no endpoint user is logged into FortiClient.
Notify users and let the user decide when to reboot when they are logged in
Notify the end user if a reboot of the endpoint is needed and allow the user to decide what time to reboot the endpoint. Disable to reboot the endpoint without notifying the user.
Enter the username to perform deployment on AD. You must enter the admin credentials for the AD in the profile. Enter the appropriate credentials in the profile to assign to the AD. The credentials allow FortiClient EMS to install FortiClient on endpoints using AD. If the credentials are wrong, the installation fails, and an error displays in FortiClient EMS.
Enter the password to perform deployment on AD.
- Set the options on the remaining tabs.
- Click Save.