In 6.4.9, you must use FortiClient with EMS. FortiClient must connect to EMS to activate its license and become provisioned by the endpoint profile that the administrator configured in EMS. You cannot use any FortiClient features (except for VPN, as Free 30-day VPN access describes) until FortiClient is connected to EMS and licensed.
The setup process is as follows. The EMS administrator completes some actions, and the endpoint user completes others.
- The administrator configures a FortiClient deployment package in EMS. The administrator specifies which modules to install in the deployment package.
- The administrator prepares to deploy FortiClient from EMS. See Provisioning preparation.
- The administrator deploys FortiClient on the endpoint from EMS. See Provisioning. FortiClient installs on the endpoint.
For installation to be successful, the endpoint must be a computer or device on your network that has Internet access and is running a supported operating system.
After FortiClient installs on the endpoint, it immediately connects to EMS to activate its license. The endpoint user may need to confirm the connection request to complete the Telemetry connection to EMS.
EMS sends an SSL certificate to FortiClient so that FortiClient can use the certificate to verify the connection. FortiClient may allow or block the connection based on the configured Action for EMS invalid certificates. See Advanced options.
FortiClient is now a managed endpoint. Once licensed, FortiClient becomes provisioned by the endpoint profile configured in EMS. The modules that the administrator included in the deployment package in step 1 become available for use.
After the endpoint profile provisions FortiClient, it connects to the FortiGuard server to check for updates for the configured features.
- The administrator manages the endpoint using EMS.
- If desired, the endpoint user can add a personal VPN configuration. See Configuring VPN connections.
- The endpoint user can use the installed modules in FortiClient. Depending on what modules were installed, one, more, or all of the following tabs are available:
- Zero Trust Telemetry
- Malware Protection
- Sandbox Detection
- Web Filter
- Application Firewall
- Vulnerability Scan
- Remote Access
FortiClient must maintain a Telemetry connection to EMS to maintain its licensed status. If FortiClient disconnects from EMS and does not reconnect within the given timeout, the endpoint loses its license and the endpoint user cannot use any FortiClient features until FortiClient reestablishes connection to EMS. The default timeout setting is 45 days.