Deploying FortiClient using a shell script

After adding a profile, you must create a policy to deploy FortiClient. With Jamf Pro, you can deploy FortiClient to macOS devices that have any user accounts (administrator and non-administrator user accounts) without requiring user interaction. You can deploy FortiClient in the following way.

For this procedure, all macOS devices should meet the following prerequisites:

• Running macOS Catalina (version 10.15) or a later version
• Managed by Jamf Pro
• Shell scripts begin with #! and are in a valid location, such as #!/bin/sh or #!/usr/bin/env zsh.
• Command line interpreters for the applicable shells are installed.

To modify the script file:

1. On a test macOS device, download the FortiClient deployment shell script .sh file:
   1. From Fortinet Service & Support, go to Firmware Images.
   2. From the Select Product dropdown list, select FortiClientMac.
   3. On the Download tab, go to Mac > v7.00 > 7.2.
   4. Select the latest shell scripts.
2. In a terminal, open the downloaded script file.
3. Do one of the following:
   1. If using on-premise EMS, modify the weburl value to your FortiClient download link from EMS. For example, you would change the value from weburl=<"FortiClient download URL from EMS"> to weburl="https://your_EMS_FQDN:10443/installers/Default/FCT_MAC_7.2.0_ GA/FortiClient_7.2.0.dmg", if the download link is https://your_EMS_ FQDN:10443/installers/Default/FCT_MAC_7.2.0_GA/FortiClient_7.2.0.dmg.
   2. If using FortiClient Cloud, download the FortiClient installer from FortiClient Cloud. Extract the .zip file. Copy the .dmg file to a local web server that endpoints can reach and that you own. Modify the weburl value to your local web server URL.
4. Modify the FortiClient_Installerversion value in the script file based on your FortiClient installer version. For example, change the value from FortiClient_Installerversion=<Your FortiClient Installer version> to FortiClient_Installerversion=”7200655” if the FortiClient version is 7.2.0.0655. Enter the version number without periods.
5. Modify the values av, af, sb, sra, sso, vs, wf, and ztna values to 1 or 0 based on the enabled features in the FortiClient installer. For example, change the value from av=<Feature enabled or disabled> to av="1” to enable malware protection. Otherwise, set av="0” to disable malware protection on the FortiClient installer. By default, all values for av, af, sb, sra, sso, vs, wf, and ztna are set to “1” based on the default installer with all features enabled.
6. If desired, modify the script file based on your requirements. The shell script mainly performs the following tasks:
   • Uninstalling older FortiClient versions if present and installing a new version
   • Downloading the FortiClient deployment package from the EMS server. The managed macOS device must be able to access the download link to download the package.
   • Installing FortiClient on a fresh macOS device
   • Skipping FortiClient uninstallation if trying to install same FortiClient version
   • Upgrading free VPN-only FortiClient to full FortiClient
   • Upgrading to same or different version of FortiClient with different security features enabled that are unavailable on existing FortiClient
7. Save the file.

To add the script to Jamf Pro using the script editor:

1. In Jamf Pro, go to Settings > Computer Management > Scripts.
2. Click New.
3. In the General pane, configure the script's basic settings, including the display name and category.
4. On the Script tab, enter the script contents in the editor. You can use the tab settings to configure syntax highlighting and theme colors in the script editor.
5. On the Options tab, configure additional settings for the script, including the priority.
6. (Optional) On the Limitations tab, configure operating system requirements for the script.
7. Click Save.