Deploying FortiClient using a shell script
After adding a profile, you must create a policy to deploy FortiClient. With Jamf Pro, you can deploy FortiClient to macOS devices that have any user accounts (administrator and non-administrator user accounts) without requiring user interaction. You can deploy FortiClient in the following way.
For this procedure, all macOS devices should meet the following prerequisites:
- Running macOS Catalina (version 10.15) or a later version
- Managed by Jamf Pro
- Shell scripts begin with
#!
and are in a valid location, such as#!/bin/sh
or#!/usr/bin/env zsh
. - Command line interpreters for the applicable shells are installed.
To modify the script file:
-
On a test macOS device, download the FortiClient deployment shell script .sh file:
- From Fortinet Service & Support, go to Firmware Images.
- From the Select Product dropdown list, select FortiClientMac.
- On the Download tab, go to Mac > v7.00 > 7.2.
- Select the latest shell scripts.
- In a terminal, open the downloaded script file.
- Do one of the following:
- If using on-premise EMS, modify the
weburl
value to your FortiClient download link from EMS. For example, you would change the value fromweburl=<"FortiClient download URL from EMS">
toweburl="https://your_EMS_FQDN:10443/installers/Default/FCT_MAC_7.2.0_ GA/FortiClient_7.2.0.dmg"
, if the download link is https://your_EMS_ FQDN:10443/installers/Default/FCT_MAC_7.2.0_GA/FortiClient_7.2.0.dmg. - If using FortiClient Cloud, download the FortiClient installer from FortiClient Cloud. Extract the .zip file. Copy the .dmg file to a local web server that endpoints can reach and that you own. Modify the
weburl
value to your local web server URL.
- If using on-premise EMS, modify the
- Modify the
FortiClient_Installerversion
value in the script file based on your FortiClient installer version. For example, change the value fromFortiClient_Installerversion=<Your FortiClient Installer version>
toFortiClient_Installerversion=”7200655”
if the FortiClient version is 7.2.0.0655. Enter the version number without periods. - Modify the values
av
,af
,sb
,sra
,sso
,vs
,wf
, andztna
values to1
or0
based on the enabled features in the FortiClient installer. For example, change the value fromav=<Feature enabled or disabled>
toav="1”
to enable malware protection. Otherwise, setav="0”
to disable malware protection on the FortiClient installer. By default, all values forav
,af
,sb
,sra
,sso
,vs
,wf
, andztna
are set to“1”
based on the default installer with all features enabled. - If desired, modify the script file based on your requirements. The shell script mainly performs the following tasks:
- Uninstalling older FortiClient versions if present and installing a new version
- Downloading the FortiClient deployment package from the EMS server. The managed macOS device must be able to access the download link to download the package.
- Installing FortiClient on a fresh macOS device
- Skipping FortiClient uninstallation if trying to install same FortiClient version
- Upgrading free VPN-only FortiClient to full FortiClient
- Upgrading to same or different version of FortiClient with different security features enabled that are unavailable on existing FortiClient
- Save the file.
To add the script to Jamf Pro using the script editor:
- In Jamf Pro, go to Settings > Computer Management > Scripts.
- Click New.
- In the General pane, configure the script's basic settings, including the display name and category.
- On the Script tab, enter the script contents in the editor. You can use the tab settings to configure syntax highlighting and theme colors in the script editor.
- On the Options tab, configure additional settings for the script, including the priority.
- (Optional) On the Limitations tab, configure operating system requirements for the script.
- Click Save.