Fortinet white logo
Fortinet white logo

EMS Administration Guide

System Settings

System Settings

The majority of these configuration options are only available for Windows, macOS, and Linux profiles. The table indicates which options are available for Chromebook profiles, such as Upload Logs to FortiAnalyzer/FortiManager.

Some options are only available when Advanced view is enabled.

Configuration

Description

UI

Specify how the FortiClient user interface appears when installed on endpoints.

Require Password to Disconnect from EMS

Turn on password lock for FortiClient.

Password

Enter a password. The endpoint user must enter this password to disconnect FortiClient from FortiClient EMS.

Do Not Allow User to Back Up Configuration

Disallow users from backing up the FortiClient configuration.

Allow User to Shutdown When Registered to EMS

Allows user to shut down FortiClient while registered to EMS. This feature is only available for FortiClient (Windows) endpoints.

Hide User Information

Hide the User Details panel where the user can provide user details (avatar, name, phone number, email address), and link to a social media (LinkedIn, Google, Salesforce) account.

Hide System Tray Icon

Hide the FortiClient system tray icon.

Show Host Tag on FortiClient GUI

Show the applied host tag on the FortiClient GUI. See Zero Trust Tags.

Language

Configure the language that FortiClient uses. By default, FortiClient uses the system operating language. Select one of the following:

  • os-default (System operating language, selected by default)
  • zh-tw (Taiwanese Mandarin)
  • cs-cz (Czech)
  • de-de (German)
  • en-us (United States English)
  • fr-fr (French)
  • hu-hu (Hungarian)
  • ru-ru (Russian)
  • ja-jp (Japanese)
  • ko-kr (Korean)
  • pt-br (Brazilian Portuguese)
  • sk-sk (Slovak)
  • es-es (Spanish)
  • zh-cn (Chinese (Simplified))
  • et-ee (Estonian)
  • lv-lv (Latvian)
  • lt-lt (Lithuanian)
  • fi-fi (Finnish)
  • sv-se (Swedish)
  • da-dk (Danish)
  • pl-pl (Portuguese (Portugal))
  • nb-no (Norwegian)
  • fr-ca (Canadian French)

Log

Specify FortiClient log settings.

Level

This option is available for Chromebook profiles. Generates logs equal to and more critical than the selected level. Select one of the following:

  • Emergency: The system becomes unstable.
  • Alert: Immediate action is required.
  • Critical: Functionality is affected.
  • Error: An error condition exists and may affect functionality.
  • Warning: Functionality could be affected.
  • Notice: Information about normal events.
  • Info: General information about system operations.
  • Debug: Debug FortiClient. Detailed debug logs for the selected features are generated on the endpoint. You can request the creation and download of the diagnostic tool output, which includes these logs.

Features

Select features to generate logs for:

  • AntiVirus
  • Application Firewall
  • Telemetry
  • FSSOMA
  • Proxy
  • IPsec VPN
  • AntiExploit
  • SSL VPN
  • Update
  • Vulnerability
  • Web Filter
  • Sandbox

Client-Based Logging When On-Fabric

Include local log messages when FortiClient is on-fabric. FortiClient hides the Export log and Clear log options from the GUI when the endpoint is off-fabric. FortiClient still sends logs to FortiAnalyzer, if one is configured. If the FortiAnalyzer is unreachable because endpoint is off-fabric, FortiClient retains the logs until it can reach FortiAnalyzer and forward the logs. See On-fabric Detection Rules.

Upload Logs to FortiAnalyzer/FortiManager

This option and all nested options are available for Chromebook profiles. Configure endpoints to sends logs to the FortiAnalyzer or FortiManager at the specified address or hostname.

The Upload UTM Logs, Upload System Event, and Upload Security Event fields only apply to FortiClient 6.4.3 and later versions.

The Upload Vulnerability Logs and Upload Event Log fields only apply to FortiClient 6.4.2 and earlier versions.

Upload UTM Logs

Upload unified threat management (traffic) logs to FortiAnalyzer or FortiManager.

Upload System Event

Upload system events to FortiAnalyzer or FortiManager. This includes logs for endpoint control, update, and FortiClient events.

Upload Security Event

Upload security events to FortiAnalyzer or FortiManager. This includes logs for Malware Protection, Web Filter, Vulnerability Scan, and Application Firewall events.

Upload Vulnerability Logs

Upload vulnerability logs to FortiAnalyzer or FortiManager.

Upload Event Logs

Upload event logs to FortiAnalyzer or FortiManager.

Send Software Inventory

EMS sends FortiClient software inventory to FortiAnalyzer or FortiManager.

This feature requires the EPP license. See FortiClient EMS.

Send OS Events

EMS sends endpoint host events to FortiAnalyzer or FortiManager. EMS supports this feature for Windows and macOS endpoints. For macOS endpoints, OS event logs are stored at /var/log/system.log.

Event telemetry interval

Enter the interval in seconds for FortiClient to upload OS events to FortiAnalyzer or FortiManager.

IP Address/Hostname

Enter the FortiAnalyzer IP address or hostname/FQDN. With Chromebook profiles, use the format https://FAZ-IP:port/logging.

If using a port other than the default, use <address>:<port>.

For FortiAnalyzer Cloud, you must enter an FQDN. You cannot enter an IP address. See the FortiAnalyzer Cloud documentation.

SSL Enabled

Enable SSL.

Upload Schedule

Configure the interval in minutes for FortiClient to upload logs to FortiAnalyzer or FortiManager. If there are no logs, no upload takes place.

Log Generation Timeout

Configure the maximum time in seconds for FortiClient to gather logs before sending them to FortiAnalyzer or FortiManager.

Log Retention

Configure the amount of time in days that logs are kept locally on the endpoint before starting to rewrite them.

Proxy

Use Proxy for Updates

Access FortiGuard using the configured proxy.

Connect to FDN Directly If Proxy Is Offline

Connect to FDN directly if proxy is offline.

Use Proxy for Virus Submission

Use the configured proxy to submit viruses to FortiGuard.

Type

Configure the type. Options include:

  • http
  • socks4
  • socks5

IP Address/Hostname

Enter the proxy server's IP address/hostname.

Port

Enter the proxy server's port number. The port range is from 1 to 65535.

Username

If the proxy requires authentication, enter the username. Enter the encrypted or non-encrypted username.

Password

If the proxy requires authentication, enter the password. Enter the encrypted or non-encrypted username. Enable Show Password to show the password in plain text.

Update

Specify whether to use FortiManager to update FortiClient on endpoints.

Use FortiManager for Client Signature Update

Enable FortiClient EMS to obtain AV signatures from the FortiManager at the specified IP address or hostname.

IP Address/Hostname

Enter the FortiManager IP address/hostname.

Port

Enter the port number.

Failover Port

Enter the failover port.

Timeout

Enter the timeout interval.

Failover to FDN When FortiManager Is Not Available

Fail over to FDN when FortiManager is unavailable.

FortiGuard Server Location

Configure the FortiGuard server location. If FortiGuard Anycast is selected for the Server field, you can select from global, U.S., or Europe. If FortiGuard is selected for the Server field, you can select from global or U.S. When Global is selected, FortiClient uses the closest FortiGuard server.

FortiClient connects to FortiGuard to query for AV and vulnerability scan engine and signature updates.

The URLs connected to for each server location are as follows:

  • FortiGuard:

    • Global: forticlient.fortinet.net

    • U.S.: usforticlient.fortinet.net

  • FortiGuard Anycast:

    • Global: fctupdate.fortinet.net

    • U.S.: fctusupdate.fortinet.net

    • Europe: fcteuupdate.fortinet.net

Server

Configure the FortiGuard server to FortiGuard or FortiGuard Anycast.

FortiProxy

Enable FortiProxy (disable only when troubleshooting). You must enable FortiProxy to use Web Filter and some AV options.

HTTPS Proxy

Enable HTTPS proxy. If disabled, FortiProxy no longer inspects HTTPS traffic.

HTTP Timeout

Enter the HTTP connection timeout interval in seconds. FortiProxy determines if the remote server is available based on this timeout value. Lower this timeout value if your client requires a faster fail response.

POP3 Client Comforting

Enable POP3 client comforting. Client comforting helps to prevent POP3 clients from complaining that the server has not responded in time.

POP3 Server Comforting

Enable POP3 server comforting. Server comforting helps to prevent POP3 servers from complaining that the client has not responded in time. You may use this in a situation where FortiClient is installed on a mail server.

SMTP Client Comforting

Enable SMTP client comforting. SMTP comforting helps to prevent SMTP clients from complaining that the server has not responded in time.

Self Test

FortiProxy can detect if other software is disrupting internal traffic between FortiProxy's internal modules. It does this by sending packets periodically to 1.1.1.1, which are intercepted by FortiClient and dropped (they never leave the computer). If the packets are not detected, then it is deemed highly likely that third party software is intercepting the packets, signaling that FortiProxy cannot perform regular traffic filtering.

Enable self tests. FortiProxy periodically checks its own connectivity to determine if it is able to proxy other applications' traffic.

Notify

Display a bubble notification when self-testing detects that a third party program has blocked HTTP/HTTPS filtering and SMTP/POP3 AV scanning.

Last Port

Enter the last port number used. This is the highest port number you want to allow FortiProxy to listen on. Use to prevent FortiProxy from binding to another port that another service normally uses.

The available port range is 65535 to 10000.

Endpoint Control

Show Bubble Notifications

Show bubble notifications when FortiClient installs new policies on endpoints.

Log off When User Logs Out of Windows

Log off FortiClient when the endpoint user logs out of Windows. Turn off to remain logged in.

Disable Disconnect

Forbid users from disconnecting FortiClient from FortiClient EMS.

On-Fabric Subnets

Turn on to enable on-fabric subnets. FortiClient determines on-/off-fabric status using Determining on-fabric/off-fabric status.

This option only applies for endpoints running FortiClient 6.2.1 and earlier versions. For endpoints running FortiClient 6.2.2 and later versions, see On-fabric Detection Rules.

IP Addresses/Subnet Masks

Enter IP addresses/subnet mask to connect to on-fabric subnets.

Gateway MAC Address

Enable gateway MAC address.

MAC Addresses

Enter MAC addresses.

Send Software Inventory

Send installed application information to FortiClient EMS. If the Upload Logs to FortiAnalyzer/FortiManager option is enabled, the endpoint also sends the software inventory information to FortiAnalyzer. See Software Inventory.

This feature requires the EPP license. See FortiClient EMS.

Invalid Certificate Action

Select the action to take when FortiClient attempts to connect to EMS with an invalid certificate:

  • Allow: allows FortiClient to connect to EMS with an invalid certificate.
  • Warn: warn the user about the invalid server certificate. Ask the user whether to proceed with connecting to EMS, or terminate the connection attempt. FortiClient remembers the user's decision for this EMS, but displays the warning prompt if FortiClient attempts to connect to another EMS (using a different EMS FQDN/IP address and certificate) with an invalid certificate.
  • Deny: block FortiClient from connecting to EMS with an invalid certificate.

User Identity Settings

Allow Users to Specify Identity Using

Enable users to specify their identity in FortiClient using the following methods:

  • Manually entering their details in FortiClient
  • Logging in to their account for the following social media services:
    • LinkedIn
    • Google
    • Salesforce

By default, EMS obtains user details from the endpoint OS. If the user provides their details using one of the methods above, EMS obtains the user-specified details instead.

If this option is disabled, EMS obtains and displays user details from the endpoint OS.

Notify Users to Submit User Identity Information

Displays a notification on the endpoint for the user to specify their identity. If the user closes the notification without specifying their identity, the notification displays every ten minutes until the user submits their identity information.

Zero Trust Network Access (ZTNA) Settings

Use ZTNA

Enable ZTNA. When ZTNA is enabled, FortiClient can create a secure encrypted connection to protected applications without using VPN. Acting as a local proxy gateway, FortiClient works with the FortiGate application proxy feature to create a secure connection via HTTPS using a certificate received from EMS that includes the FortiClient UID. The FortiGate retrieves the UID to identify the device and check other endpoint information that EMS provides to the FortiGate, which can include other identity and posture information. The FortiGate allows or denies the access as applicable.

For TCP forwarding to non-web-based applications, the endpoint user can define ZTNA connection rules in the FortiClient console.

Other

Install CA Certificate on Client

Turn on to select and install a CA certificate on the FortiClient endpoint.

You can add certificates by going to Endpoint Policy & Components > CA Certificates.

FortiClient Single Sign-On Mobility Agent

Enable Single Sign-On Mobility Agent for FortiAuthenticator. To use this feature you need to apply a FortiClient SSO mobility agent license to your FortiAuthenticator.

IP Address/Hostname

Enter the FortiAuthenticator IP address or hostname.

Port

Enter the port number.

Pre-Shared Key

Enter the preshared key. The preshared key should match the key configured on your FortiAuthenticator.

iOS

Distribute Configuration Profile

Enable and browse for your .mobileconfig file to distribute the configuration profile.

Privacy

Send Usage Statistics to Fortinet

Submit virus information to FDS. Fortinet uses this information to improve product quality and user experience.

System Settings

System Settings

The majority of these configuration options are only available for Windows, macOS, and Linux profiles. The table indicates which options are available for Chromebook profiles, such as Upload Logs to FortiAnalyzer/FortiManager.

Some options are only available when Advanced view is enabled.

Configuration

Description

UI

Specify how the FortiClient user interface appears when installed on endpoints.

Require Password to Disconnect from EMS

Turn on password lock for FortiClient.

Password

Enter a password. The endpoint user must enter this password to disconnect FortiClient from FortiClient EMS.

Do Not Allow User to Back Up Configuration

Disallow users from backing up the FortiClient configuration.

Allow User to Shutdown When Registered to EMS

Allows user to shut down FortiClient while registered to EMS. This feature is only available for FortiClient (Windows) endpoints.

Hide User Information

Hide the User Details panel where the user can provide user details (avatar, name, phone number, email address), and link to a social media (LinkedIn, Google, Salesforce) account.

Hide System Tray Icon

Hide the FortiClient system tray icon.

Show Host Tag on FortiClient GUI

Show the applied host tag on the FortiClient GUI. See Zero Trust Tags.

Language

Configure the language that FortiClient uses. By default, FortiClient uses the system operating language. Select one of the following:

  • os-default (System operating language, selected by default)
  • zh-tw (Taiwanese Mandarin)
  • cs-cz (Czech)
  • de-de (German)
  • en-us (United States English)
  • fr-fr (French)
  • hu-hu (Hungarian)
  • ru-ru (Russian)
  • ja-jp (Japanese)
  • ko-kr (Korean)
  • pt-br (Brazilian Portuguese)
  • sk-sk (Slovak)
  • es-es (Spanish)
  • zh-cn (Chinese (Simplified))
  • et-ee (Estonian)
  • lv-lv (Latvian)
  • lt-lt (Lithuanian)
  • fi-fi (Finnish)
  • sv-se (Swedish)
  • da-dk (Danish)
  • pl-pl (Portuguese (Portugal))
  • nb-no (Norwegian)
  • fr-ca (Canadian French)

Log

Specify FortiClient log settings.

Level

This option is available for Chromebook profiles. Generates logs equal to and more critical than the selected level. Select one of the following:

  • Emergency: The system becomes unstable.
  • Alert: Immediate action is required.
  • Critical: Functionality is affected.
  • Error: An error condition exists and may affect functionality.
  • Warning: Functionality could be affected.
  • Notice: Information about normal events.
  • Info: General information about system operations.
  • Debug: Debug FortiClient. Detailed debug logs for the selected features are generated on the endpoint. You can request the creation and download of the diagnostic tool output, which includes these logs.

Features

Select features to generate logs for:

  • AntiVirus
  • Application Firewall
  • Telemetry
  • FSSOMA
  • Proxy
  • IPsec VPN
  • AntiExploit
  • SSL VPN
  • Update
  • Vulnerability
  • Web Filter
  • Sandbox

Client-Based Logging When On-Fabric

Include local log messages when FortiClient is on-fabric. FortiClient hides the Export log and Clear log options from the GUI when the endpoint is off-fabric. FortiClient still sends logs to FortiAnalyzer, if one is configured. If the FortiAnalyzer is unreachable because endpoint is off-fabric, FortiClient retains the logs until it can reach FortiAnalyzer and forward the logs. See On-fabric Detection Rules.

Upload Logs to FortiAnalyzer/FortiManager

This option and all nested options are available for Chromebook profiles. Configure endpoints to sends logs to the FortiAnalyzer or FortiManager at the specified address or hostname.

The Upload UTM Logs, Upload System Event, and Upload Security Event fields only apply to FortiClient 6.4.3 and later versions.

The Upload Vulnerability Logs and Upload Event Log fields only apply to FortiClient 6.4.2 and earlier versions.

Upload UTM Logs

Upload unified threat management (traffic) logs to FortiAnalyzer or FortiManager.

Upload System Event

Upload system events to FortiAnalyzer or FortiManager. This includes logs for endpoint control, update, and FortiClient events.

Upload Security Event

Upload security events to FortiAnalyzer or FortiManager. This includes logs for Malware Protection, Web Filter, Vulnerability Scan, and Application Firewall events.

Upload Vulnerability Logs

Upload vulnerability logs to FortiAnalyzer or FortiManager.

Upload Event Logs

Upload event logs to FortiAnalyzer or FortiManager.

Send Software Inventory

EMS sends FortiClient software inventory to FortiAnalyzer or FortiManager.

This feature requires the EPP license. See FortiClient EMS.

Send OS Events

EMS sends endpoint host events to FortiAnalyzer or FortiManager. EMS supports this feature for Windows and macOS endpoints. For macOS endpoints, OS event logs are stored at /var/log/system.log.

Event telemetry interval

Enter the interval in seconds for FortiClient to upload OS events to FortiAnalyzer or FortiManager.

IP Address/Hostname

Enter the FortiAnalyzer IP address or hostname/FQDN. With Chromebook profiles, use the format https://FAZ-IP:port/logging.

If using a port other than the default, use <address>:<port>.

For FortiAnalyzer Cloud, you must enter an FQDN. You cannot enter an IP address. See the FortiAnalyzer Cloud documentation.

SSL Enabled

Enable SSL.

Upload Schedule

Configure the interval in minutes for FortiClient to upload logs to FortiAnalyzer or FortiManager. If there are no logs, no upload takes place.

Log Generation Timeout

Configure the maximum time in seconds for FortiClient to gather logs before sending them to FortiAnalyzer or FortiManager.

Log Retention

Configure the amount of time in days that logs are kept locally on the endpoint before starting to rewrite them.

Proxy

Use Proxy for Updates

Access FortiGuard using the configured proxy.

Connect to FDN Directly If Proxy Is Offline

Connect to FDN directly if proxy is offline.

Use Proxy for Virus Submission

Use the configured proxy to submit viruses to FortiGuard.

Type

Configure the type. Options include:

  • http
  • socks4
  • socks5

IP Address/Hostname

Enter the proxy server's IP address/hostname.

Port

Enter the proxy server's port number. The port range is from 1 to 65535.

Username

If the proxy requires authentication, enter the username. Enter the encrypted or non-encrypted username.

Password

If the proxy requires authentication, enter the password. Enter the encrypted or non-encrypted username. Enable Show Password to show the password in plain text.

Update

Specify whether to use FortiManager to update FortiClient on endpoints.

Use FortiManager for Client Signature Update

Enable FortiClient EMS to obtain AV signatures from the FortiManager at the specified IP address or hostname.

IP Address/Hostname

Enter the FortiManager IP address/hostname.

Port

Enter the port number.

Failover Port

Enter the failover port.

Timeout

Enter the timeout interval.

Failover to FDN When FortiManager Is Not Available

Fail over to FDN when FortiManager is unavailable.

FortiGuard Server Location

Configure the FortiGuard server location. If FortiGuard Anycast is selected for the Server field, you can select from global, U.S., or Europe. If FortiGuard is selected for the Server field, you can select from global or U.S. When Global is selected, FortiClient uses the closest FortiGuard server.

FortiClient connects to FortiGuard to query for AV and vulnerability scan engine and signature updates.

The URLs connected to for each server location are as follows:

  • FortiGuard:

    • Global: forticlient.fortinet.net

    • U.S.: usforticlient.fortinet.net

  • FortiGuard Anycast:

    • Global: fctupdate.fortinet.net

    • U.S.: fctusupdate.fortinet.net

    • Europe: fcteuupdate.fortinet.net

Server

Configure the FortiGuard server to FortiGuard or FortiGuard Anycast.

FortiProxy

Enable FortiProxy (disable only when troubleshooting). You must enable FortiProxy to use Web Filter and some AV options.

HTTPS Proxy

Enable HTTPS proxy. If disabled, FortiProxy no longer inspects HTTPS traffic.

HTTP Timeout

Enter the HTTP connection timeout interval in seconds. FortiProxy determines if the remote server is available based on this timeout value. Lower this timeout value if your client requires a faster fail response.

POP3 Client Comforting

Enable POP3 client comforting. Client comforting helps to prevent POP3 clients from complaining that the server has not responded in time.

POP3 Server Comforting

Enable POP3 server comforting. Server comforting helps to prevent POP3 servers from complaining that the client has not responded in time. You may use this in a situation where FortiClient is installed on a mail server.

SMTP Client Comforting

Enable SMTP client comforting. SMTP comforting helps to prevent SMTP clients from complaining that the server has not responded in time.

Self Test

FortiProxy can detect if other software is disrupting internal traffic between FortiProxy's internal modules. It does this by sending packets periodically to 1.1.1.1, which are intercepted by FortiClient and dropped (they never leave the computer). If the packets are not detected, then it is deemed highly likely that third party software is intercepting the packets, signaling that FortiProxy cannot perform regular traffic filtering.

Enable self tests. FortiProxy periodically checks its own connectivity to determine if it is able to proxy other applications' traffic.

Notify

Display a bubble notification when self-testing detects that a third party program has blocked HTTP/HTTPS filtering and SMTP/POP3 AV scanning.

Last Port

Enter the last port number used. This is the highest port number you want to allow FortiProxy to listen on. Use to prevent FortiProxy from binding to another port that another service normally uses.

The available port range is 65535 to 10000.

Endpoint Control

Show Bubble Notifications

Show bubble notifications when FortiClient installs new policies on endpoints.

Log off When User Logs Out of Windows

Log off FortiClient when the endpoint user logs out of Windows. Turn off to remain logged in.

Disable Disconnect

Forbid users from disconnecting FortiClient from FortiClient EMS.

On-Fabric Subnets

Turn on to enable on-fabric subnets. FortiClient determines on-/off-fabric status using Determining on-fabric/off-fabric status.

This option only applies for endpoints running FortiClient 6.2.1 and earlier versions. For endpoints running FortiClient 6.2.2 and later versions, see On-fabric Detection Rules.

IP Addresses/Subnet Masks

Enter IP addresses/subnet mask to connect to on-fabric subnets.

Gateway MAC Address

Enable gateway MAC address.

MAC Addresses

Enter MAC addresses.

Send Software Inventory

Send installed application information to FortiClient EMS. If the Upload Logs to FortiAnalyzer/FortiManager option is enabled, the endpoint also sends the software inventory information to FortiAnalyzer. See Software Inventory.

This feature requires the EPP license. See FortiClient EMS.

Invalid Certificate Action

Select the action to take when FortiClient attempts to connect to EMS with an invalid certificate:

  • Allow: allows FortiClient to connect to EMS with an invalid certificate.
  • Warn: warn the user about the invalid server certificate. Ask the user whether to proceed with connecting to EMS, or terminate the connection attempt. FortiClient remembers the user's decision for this EMS, but displays the warning prompt if FortiClient attempts to connect to another EMS (using a different EMS FQDN/IP address and certificate) with an invalid certificate.
  • Deny: block FortiClient from connecting to EMS with an invalid certificate.

User Identity Settings

Allow Users to Specify Identity Using

Enable users to specify their identity in FortiClient using the following methods:

  • Manually entering their details in FortiClient
  • Logging in to their account for the following social media services:
    • LinkedIn
    • Google
    • Salesforce

By default, EMS obtains user details from the endpoint OS. If the user provides their details using one of the methods above, EMS obtains the user-specified details instead.

If this option is disabled, EMS obtains and displays user details from the endpoint OS.

Notify Users to Submit User Identity Information

Displays a notification on the endpoint for the user to specify their identity. If the user closes the notification without specifying their identity, the notification displays every ten minutes until the user submits their identity information.

Zero Trust Network Access (ZTNA) Settings

Use ZTNA

Enable ZTNA. When ZTNA is enabled, FortiClient can create a secure encrypted connection to protected applications without using VPN. Acting as a local proxy gateway, FortiClient works with the FortiGate application proxy feature to create a secure connection via HTTPS using a certificate received from EMS that includes the FortiClient UID. The FortiGate retrieves the UID to identify the device and check other endpoint information that EMS provides to the FortiGate, which can include other identity and posture information. The FortiGate allows or denies the access as applicable.

For TCP forwarding to non-web-based applications, the endpoint user can define ZTNA connection rules in the FortiClient console.

Other

Install CA Certificate on Client

Turn on to select and install a CA certificate on the FortiClient endpoint.

You can add certificates by going to Endpoint Policy & Components > CA Certificates.

FortiClient Single Sign-On Mobility Agent

Enable Single Sign-On Mobility Agent for FortiAuthenticator. To use this feature you need to apply a FortiClient SSO mobility agent license to your FortiAuthenticator.

IP Address/Hostname

Enter the FortiAuthenticator IP address or hostname.

Port

Enter the port number.

Pre-Shared Key

Enter the preshared key. The preshared key should match the key configured on your FortiAuthenticator.

iOS

Distribute Configuration Profile

Enable and browse for your .mobileconfig file to distribute the configuration profile.

Privacy

Send Usage Statistics to Fortinet

Submit virus information to FDS. Fortinet uses this information to improve product quality and user experience.