Fortinet black logo

EMS QuickStart Guide

Windows, macOS, and Linux endpoint management setup

Windows, macOS, and Linux endpoint management setup

This section describes how to set up FortiClient EMS for Windows, macOS, and Linux endpoint management. It provides an overview of using FortiClient EMS and FortiClient EMS integrated with FortiGate.

FortiClient EMS

Following is a summary of how to use FortiClient EMS without FortiGate:

  1. Configure user accounts. See Configuring user accounts.
  2. Add domains and/or discover local endpoints. See Adding endpoints
  3. Create an endpoint profile. See Creating a profile to configure FortiClient.

    FortiClient EMS can deploy FortiClient (Windows) to AD endpoints that do not have FortiClient installed, as well as upgrade existing FortiClient installations if the endpoints are already connected to the EMS server. To allow initial deployment, EMS must be able to resolve the endpoint IP address via the DNS configured on the server.

    You can use with workgroups only to upgrade FortiClient (Windows) on endpoints after they connect Telemetry. When using workgroups, you must separately install FortiClient (Windows) on endpoints.

    note icon

    You can use FortiClient EMS to replace, upgrade, and uninstall FortiClient (macOS) after they connect Telemetry to EMS and FortiClient connects to FortiClient EMS. You cannot use FortiClient EMS to initially deploy FortiClient (macOS) and must separately install it on endpoints. See the FortiClient EMS Administration Guide.

  4. Add a FortiClient deployment package to EMS and configure it with the profile that you created in step 3. See Adding a FortiClient deployment package.
  5. Prepare Windows endpoints for FortiClient deployment. See Preparing Windows endpoints for FortiClient deployment.

    You must also prepare the Windows AD server for deployment. See the FortiClient EMS Administration Guide.

  6. Create a deployment configuration with the desired deployment package. Configure the deployment configuration for the desired workgroup, domain, endpoint group, or organizational group. See Creating a deployment configuration.

    Depending on the selected profile's configuration, FortiClient is installed on the endpoints to which the profile is applied.

    After FortiClient installation, the endpoint connects FortiClient Telemetry to FortiClient EMS to receive the profile configuration and complete endpoint management setup.

  7. View the endpoint status. See Viewing endpoints.

FortiClient EMS integrated with FortiGate

Following is a summary of how to use FortiClient EMS when integrated with FortiGate. This deployment only applies for endpoints with a version of FortiClient earlier than 6.4.0 installed:

  1. Configure user accounts. See Configuring user accounts.
  2. Add domains and/or discover local endpoints. See Adding endpoints
  3. Create an endpoint profile. See Creating a profile to configure FortiClient.

    FortiClient EMS can deploy FortiClient (Windows) to AD endpoints that do not have FortiClient installed, as well as upgrade existing FortiClient installations if the endpoints are already connected to the EMS server. To allow initial deployment, EMS must be able to resolve the endpoint IP address via the DNS configured on the server.

    You can use with workgroups only to upgrade FortiClient (Windows) on endpoints after they connect Telemetry to EMS. When using workgroups, you must separately install FortiClient (Windows) on endpoints.

    note icon

    You can use FortiClient EMS to replace, upgrade, and uninstall FortiClient (macOS) after they connect Telemetry to EMS and FortiClient connects to FortiClient EMS. You cannot use FortiClient EMS to initially deploy FortiClient (macOS) and must separately install it on endpoints. See the FortiClient EMS Administration Guide.

  4. Add a FortiClient deployment package to EMS and configure it with the profile that you created in step 3. See Adding a FortiClient deployment package.
  5. Prepare Windows endpoints for FortiClient deployment. See Preparing Windows endpoints for FortiClient deployment.

    You must also prepare the Windows AD server for deployment. See the FortiClient EMS Administration Guide.

  6. Create a deployment configuration with the desired deployment package. Configure the deployment configuration for the desired workgroup, domain, endpoint group, or organizational group. See Creating a deployment configuration.

    Depending on the selected profile's configuration, FortiClient is installed on the endpoints to which the profile is applied.

    After FortiClient installation, the endpoint connects FortiClient Telemetry to FortiClient EMS to receive the profile configuration and complete endpoint management setup.

  7. View the endpoint status. See Viewing endpoints.

Windows, macOS, and Linux endpoint management setup

Windows, macOS, and Linux endpoint management setup

This section describes how to set up FortiClient EMS for Windows, macOS, and Linux endpoint management. It provides an overview of using FortiClient EMS and FortiClient EMS integrated with FortiGate.

FortiClient EMS

Following is a summary of how to use FortiClient EMS without FortiGate:

  1. Configure user accounts. See Configuring user accounts.
  2. Add domains and/or discover local endpoints. See Adding endpoints
  3. Create an endpoint profile. See Creating a profile to configure FortiClient.

    FortiClient EMS can deploy FortiClient (Windows) to AD endpoints that do not have FortiClient installed, as well as upgrade existing FortiClient installations if the endpoints are already connected to the EMS server. To allow initial deployment, EMS must be able to resolve the endpoint IP address via the DNS configured on the server.

    You can use with workgroups only to upgrade FortiClient (Windows) on endpoints after they connect Telemetry. When using workgroups, you must separately install FortiClient (Windows) on endpoints.

    note icon

    You can use FortiClient EMS to replace, upgrade, and uninstall FortiClient (macOS) after they connect Telemetry to EMS and FortiClient connects to FortiClient EMS. You cannot use FortiClient EMS to initially deploy FortiClient (macOS) and must separately install it on endpoints. See the FortiClient EMS Administration Guide.

  4. Add a FortiClient deployment package to EMS and configure it with the profile that you created in step 3. See Adding a FortiClient deployment package.
  5. Prepare Windows endpoints for FortiClient deployment. See Preparing Windows endpoints for FortiClient deployment.

    You must also prepare the Windows AD server for deployment. See the FortiClient EMS Administration Guide.

  6. Create a deployment configuration with the desired deployment package. Configure the deployment configuration for the desired workgroup, domain, endpoint group, or organizational group. See Creating a deployment configuration.

    Depending on the selected profile's configuration, FortiClient is installed on the endpoints to which the profile is applied.

    After FortiClient installation, the endpoint connects FortiClient Telemetry to FortiClient EMS to receive the profile configuration and complete endpoint management setup.

  7. View the endpoint status. See Viewing endpoints.

FortiClient EMS integrated with FortiGate

Following is a summary of how to use FortiClient EMS when integrated with FortiGate. This deployment only applies for endpoints with a version of FortiClient earlier than 6.4.0 installed:

  1. Configure user accounts. See Configuring user accounts.
  2. Add domains and/or discover local endpoints. See Adding endpoints
  3. Create an endpoint profile. See Creating a profile to configure FortiClient.

    FortiClient EMS can deploy FortiClient (Windows) to AD endpoints that do not have FortiClient installed, as well as upgrade existing FortiClient installations if the endpoints are already connected to the EMS server. To allow initial deployment, EMS must be able to resolve the endpoint IP address via the DNS configured on the server.

    You can use with workgroups only to upgrade FortiClient (Windows) on endpoints after they connect Telemetry to EMS. When using workgroups, you must separately install FortiClient (Windows) on endpoints.

    note icon

    You can use FortiClient EMS to replace, upgrade, and uninstall FortiClient (macOS) after they connect Telemetry to EMS and FortiClient connects to FortiClient EMS. You cannot use FortiClient EMS to initially deploy FortiClient (macOS) and must separately install it on endpoints. See the FortiClient EMS Administration Guide.

  4. Add a FortiClient deployment package to EMS and configure it with the profile that you created in step 3. See Adding a FortiClient deployment package.
  5. Prepare Windows endpoints for FortiClient deployment. See Preparing Windows endpoints for FortiClient deployment.

    You must also prepare the Windows AD server for deployment. See the FortiClient EMS Administration Guide.

  6. Create a deployment configuration with the desired deployment package. Configure the deployment configuration for the desired workgroup, domain, endpoint group, or organizational group. See Creating a deployment configuration.

    Depending on the selected profile's configuration, FortiClient is installed on the endpoints to which the profile is applied.

    After FortiClient installation, the endpoint connects FortiClient Telemetry to FortiClient EMS to receive the profile configuration and complete endpoint management setup.

  7. View the endpoint status. See Viewing endpoints.