In 7.0.8, you must use FortiClient with EMS. FortiClient must connect to EMS to activate its license and become provisioned by the endpoint profile that the administrator configured in EMS. You cannot use any FortiClient features (except for VPN, as Free 30-day VPN access describes) until FortiClient is connected to EMS and licensed.
The setup process is as follows. The EMS administrator completes some actions, and the endpoint user completes others.
- The administrator configures a FortiClient deployment package in EMS. The administrator specifies which modules to install in the deployment package.
- The administrator prepares to deploy FortiClient from EMS. See Provisioning preparation.
- The administrator deploys FortiClient on the endpoint from EMS. See Provisioning. FortiClient installs on the endpoint.
For installation to be successful, the endpoint must be a computer or device on your network that has Internet access and is running a supported operating system.
After FortiClient installs on the endpoint, it immediately connects to EMS to activate its license. The endpoint user may need to confirm the connection request to complete the Telemetry connection to EMS.
If the Use SSL certificate for Endpoint Control option is disabled in EMS, EMS sends a built-in EMS certificate or FortiCare SSL certificate to FortiClient. If the Use SSL certificate for Endpoint Control option is enabled in EMS, EMS sends an SSL certificate to FortiClient so that FortiClient can use the certificate to verify the connection. FortiClient may allow or block the connection based on the configured Action for EMS invalid certificates. See Advanced options.
FortiClient is now a managed endpoint. Once licensed, FortiClient becomes provisioned by the endpoint profile configured in EMS. The modules that the administrator included in the deployment package in step 1 become available for use.
After the endpoint profile provisions , it connects to the FortiGuard server to check for updates for the configured features.
- The administrator manages the endpoint using EMS.FortiClient
- If desired, the endpoint user can add a personal VPN configuration. See Configuring VPN connections.
- The endpoint user can use the installed modules in FortiClient. Depending on what modules were installed, one, more, or all of the following tabs are available:
- Zero Trust Telemetry
- Malware Protection
- Sandbox Detection
- Web Filter
- Application Firewall
- Vulnerability Scan
- Remote Access
- ZTNA Connection Rules
FortiClient receives its license expiry information from EMS during initial provisioning. When FortiClient cannot reach EMS, it refers to the previously received expiry information to confirm that its license is still active. FortiClient does not need to maintain a connection to EMS to maintain its licensed status.