Fortinet black logo

Jamf Deployment Guide

Home FortiClient 7.2.0 Jamf Deployment Guide
7.2.0
7.2.0
7.0.0

Debugging

Debugging

To check deployment status and logs on endpoints:
  1. In the console application, go to log reports.
  2. Look for the Jamf.log and Forticlient.log files. You can see logs related to FortiClient deployment and installation.

Note the following:

  • Manually uninstalling FortiClient using the FortiClientUninstaller tool removes the VPN virtual adapter and stored zero trust network access (ZTNA) certificates on the endpoint. As a result, reinstalling FortiClient displays the FortiTray VPN and system keychain modification prompts. In this case, push and distribute the MDM configuration profile again before reinstalling FortiClient to fully silence the prompts.
  • When connecting to VPN with client certificates, the system prompts the user for keychain access credentials to access and read the stored certificate. The user can decide to allow or deny access. Selecting Always Allow silences future prompts when FortiTray accesses the certificate.

  • When FortiClient acts as a ZTNA client, the system is expected to display prompts to ask for user credentials to access the ZTNA client certificate stored in the login keychain.

    The ZTNA feature does not work if you click Allow. Select Always Allow.

  • Revoking the endpoint client certificate from EMS results in the system prompting for administrator credentials to modify the system keychain.

  • If you revoke the ZTNA root CA certificate, the system prompts for administrator credentials to modify the system keychain.

Previous
Next

Debugging

To check deployment status and logs on endpoints:
  1. In the console application, go to log reports.
  2. Look for the Jamf.log and Forticlient.log files. You can see logs related to FortiClient deployment and installation.

Note the following:

  • Manually uninstalling FortiClient using the FortiClientUninstaller tool removes the VPN virtual adapter and stored zero trust network access (ZTNA) certificates on the endpoint. As a result, reinstalling FortiClient displays the FortiTray VPN and system keychain modification prompts. In this case, push and distribute the MDM configuration profile again before reinstalling FortiClient to fully silence the prompts.
  • When connecting to VPN with client certificates, the system prompts the user for keychain access credentials to access and read the stored certificate. The user can decide to allow or deny access. Selecting Always Allow silences future prompts when FortiTray accesses the certificate.

  • When FortiClient acts as a ZTNA client, the system is expected to display prompts to ask for user credentials to access the ZTNA client certificate stored in the login keychain.

    The ZTNA feature does not work if you click Allow. Select Always Allow.

  • Revoking the endpoint client certificate from EMS results in the system prompting for administrator credentials to modify the system keychain.

  • If you revoke the ZTNA root CA certificate, the system prompts for administrator credentials to modify the system keychain.

Previous
Next