System Settings
The majority of these configuration options are only available for Windows, macOS, and Linux profiles. The table indicates which options are available for Chromebook profiles, such as Upload Logs to FortiAnalyzer/FortiManager.
Some options are only available when Advanced view is enabled.
Configuration |
Description |
|
---|---|---|
UI |
Specify how the FortiClient user interface appears when installed on endpoints. |
|
Turn on password lock for FortiClient. |
||
|
Password |
Enter a password. The endpoint user must enter this password to disconnect FortiClient from FortiClient EMS. |
Do Not Allow User to Back Up Configuration |
Disallow users from backing up the FortiClient configuration. |
|
Hide User Information |
Hide the User Details panel where the user can provide user details (avatar, name, phone number, email address), and link to a social media (LinkedIn, Google, Salesforce) account. |
|
Hide System Tray Icon |
Hide the FortiClient system tray icon. |
|
Show Host Tag on FortiClient GUI |
Show the applied host tag on the FortiClient GUI. See Zero Trust Tags. |
|
Language |
Configure the language that FortiClient uses. By default, FortiClient uses the system operating language. Select one of the following:
|
|
Log |
Specify FortiClient log settings. |
|
Level |
This option is available for Chromebook profiles. Generates logs equal to and more critical than the selected level. Select one of the following:
|
|
Features |
Select features to generate logs for:
|
|
Client-Based Logging When On-Fabric |
Include local log messages when FortiClient is on-fabric. See On-fabric Detection Rules. |
|
Upload Logs to FortiAnalyzer/FortiManager |
This option and all nested options are available for Chromebook profiles. Configure endpoints to sends logs to the FortiAnalyzer or FortiManager at the specified address or hostname. |
|
|
Upload UTM Logs |
Upload unified threat management logs to FortiAnalyzer or FortiManager. |
|
Upload Vulnerability Logs |
Upload vulnerability logs to FortiAnalyzer or FortiManager. This option only applies to FortiClient 6.4.2 and earlier versions. |
|
Upload Event Logs |
Upload event logs to FortiAnalyzer or FortiManager. This option only applies to FortiClient 6.4.2 and earlier versions. |
|
Upload System Event |
Upload system events to FortiAnalyzer or FortiManager. This includes logs for endpoint control, update, and FortiClient events. |
|
Upload Security Event |
Upload security events to FortiAnalyzer or FortiManager. This includes logs for Malware Protection, Web Filter, Vulnerability Scan, and Application Firewall events. |
|
Send Software Inventory |
EMS sends FortiClient software inventory to FortiAnalyzer or FortiManager. This feature requires the EPP license. See FortiClient EMS. |
|
Send OS Events |
EMS sends endpoint host events to FortiAnalyzer or FortiManager. EMS supports this feature for Windows and macOS endpoints. For macOS endpoints, OS event logs are stored at |
|
Event telemetry interval |
Enter the telemetry interval in seconds. |
|
IP Address/Hostname |
Enter the FortiAnalyzer IP address or hostname/FQDN. With Chromebook profiles, use the format https://FAZ-IP:port/logging. If using a port other than the default, use <address>:<port>. |
|
SSL Enabled |
Enable SSL. |
|
Upload Schedule |
Configure the upload schedule in minutes. |
|
Log Generation Timeout |
Configure the log generation timeout in seconds. |
|
Log Retention |
Configure the duration of time to retain logs in days. |
Proxy |
|
|
Use Proxy for Updates |
Access FortiGuard using the configured proxy. |
|
|
Connect to FDN Directly If Proxy Is Offline |
Connect to FDN directly if proxy is offline. |
Use Proxy for Virus Submission |
Use the configured proxy to submit viruses to FortiGuard. |
|
|
Type |
Configure the type. Options include:
|
|
IP Address/Hostname |
Enter the proxy server's IP address/hostname. |
|
Port |
Enter the proxy server's port number. The port range is from 1 to 65535. |
|
Username |
If the proxy requires authentication, enter the username. Enter the encrypted or non-encrypted username. |
|
Password |
If the proxy requires authentication, enter the password. Enter the encrypted or non-encrypted username. Enable Show Password to show the password in plain text. |
Update |
Specify whether to use FortiManager to update FortiClient on endpoints. |
|
Use FortiManager for Client Signature Update |
Enable FortiClient EMS to obtain AV signatures from the FortiManager at the specified IP address or hostname. |
|
|
IP Address/Hostname |
Enter the FortiManager IP address/hostname. |
|
Port |
Enter the port number. |
|
Failover Port |
Enter the failover port. |
|
Timeout |
Enter the timeout interval. |
|
Failover to FDN When FortiManager Is Not Available |
Fail over to FDN when FortiManager is not available. |
FortiGuard Server Location |
Configure the FortiGuard server location. If FortiGuard Anycast is selected for the Server field, you can select from global, U.S., or Europe. If FortiGuard is selected for the Server field, you can select from global or U.S. When Global is selected, FortiClient uses the closest FortiGuard server. FortiClient connects to FortiGuard to query for AV and vulnerability scan engine and signature updates. The URLs connected to for each server location are as follows:
|
|
Server |
Configure the FortiGuard server to FortiGuard or FortiGuard Anycast. |
|
FortiProxy |
Enable FortiProxy (disable only when troubleshooting). You must enable FortiProxy to use Web Filter and some AV options. |
|
HTTPS Proxy |
Enable HTTPS proxy. If disabled, FortiProxy no longer inspects HTTPS traffic. |
|
|
HTTP Timeout |
Enter the HTTP connection timeout interval in seconds. FortiProxy determines if the remote server is available based on this timeout value. Lower this timeout value if your client requires a faster fail response. |
POP3 Client Comforting |
Enable POP3 client comforting. Client comforting helps to prevent POP3 clients from complaining that the server has not responded in time. |
|
POP3 Server Comforting |
Enable POP3 server comforting. Server comforting helps to prevent POP3 servers from complaining that the client has not responded in time. You may use this in a situation where FortiClient is installed on a mail server. |
|
SMTP Client Comforting |
Enable SMTP client comforting. SMTP comforting helps to prevent SMTP clients from complaining that the server has not responded in time. |
|
Self Test |
FortiProxy can detect if other software is disrupting internal traffic between FortiProxy's internal modules. It does this by sending packets periodically to 1.1.1.1, which are intercepted by FortiClient and dropped (they never leave the computer). If the packets are not detected, then it is deemed highly likely that third party software is intercepting the packets, signaling that FortiProxy cannot perform regular traffic filtering. Enable self tests. FortiProxy periodically checks its own connectivity to determine if it is able to proxy other applications' traffic. |
|
|
Notify |
Display a bubble notification when self-testing detects that a third party program has blocked HTTP/HTTPS filtering and SMTP/POP3 AV scanning. |
|
Last Port |
Enter the last port number used. This is the highest port number you want to allow FortiProxy to listen on. Use to prevent FortiProxy from binding to another port that another service normally uses. The available port range is 65535 to 10000. |
Endpoint Control |
||
Show Bubble Notifications |
Show bubble notifications when FortiClient installs new policies on endpoints. |
|
Log off When User Logs Out of Windows |
Log off FortiClient when the endpoint user logs out of Windows. Turn off to remain logged in. |
|
Disable Disconnect |
Forbid users from disconnecting FortiClient from FortiClient EMS. |
|
On-Fabric Subnets |
Turn on to enable on-fabric subnets. FortiClient determines on-/off-fabric status using On-fabric Detection Rules. |
|
|
IP Addresses/Subnet Masks |
Enter IP addresses/subnet mask to connect to on-fabric subnets. |
|
Enable gateway MAC address. |
|
|
MAC Addresses |
Enter MAC addresses. |
Send Software Inventory |
Send installed application information to FortiClient EMS. If the Upload Logs to FortiAnalyzer/FortiManager option is enabled, the endpoint also sends the software inventory information to FortiAnalyzer. See Software Inventory. This feature requires the EPP license. See FortiClient EMS. |
|
Invalid Certificate Action |
Select the action to take when FortiClient attempts to connect to EMS with an invalid certificate:
|
|
User Identity Settings |
||
Allow Users to Specify Identity Using |
Enable users to specify their identity in FortiClient using the following methods:
By default, EMS obtains user details from the endpoint OS. If the user provides their details using one of the methods above, EMS obtains the user-specified details instead. If this option is disabled, EMS obtains and displays user details from the endpoint OS. |
|
Notify Users to Submit User Identity Information |
Displays a notification on the endpoint for the user to specify their identity. If the user closes the notification without specifying their identity, the notification displays every ten minutes until the user submits their identity information. |
|
Other |
|
|
Install CA Certificate on Client |
Turn on to select and install a CA certificate on the FortiClient endpoint. You can add certificates by going to Endpoint Policy & Components > CA Certificates. |
|
FortiClient Single Sign-On Mobility Agent |
Enable Single Sign-On Mobility Agent for FortiAuthenticator. To use this feature you need to apply a FortiClient SSO mobility agent license to your FortiAuthenticator. |
|
|
IP Address/Hostname |
Enter the FortiAuthenticator IP address or hostname. |
|
Port |
Enter the port number. |
|
Pre-Shared Key |
Enter the preshared key. The preshared key should match the key configured on your FortiAuthenticator. |
iOS |
|
|
Distribute Configuration Profile |
Enable and browse for your |
|
Privacy |
|
|
Send Usage Statistics to Fortinet
|
Submit virus information to FDS. Fortinet uses this information to improve product quality and user experience. |