FortiClient EMS 7.2.4 QuickStart Guide
Uploaded by
guesieroFortiClient EMS 7.2.4 QuickStart Guide
Uploaded by
guesieroQuickStart Guide
FortiClient EMS 7.2.4
FORTINET DOCUMENT LIBRARY
https://docs.fortinet.com
FORTINET VIDEO LIBRARY
https://video.fortinet.com
FORTINET BLOG
https://blog.fortinet.com
CUSTOMER SERVICE & SUPPORT
https://support.fortinet.com
FORTINET TRAINING & CERTIFICATION PROGRAM
https://www.fortinet.com/training-certification
FORTINET TRAINING INSTITUTE
https://training.fortinet.com
FORTIGUARD LABS
https://www.fortiguard.com
END USER LICENSE AGREEMENT
https://www.fortinet.com/doc/legal/EULA.pdf
FEEDBACK
Email: [email protected]
June 04, 2024
FortiClient EMS 7.2.4 QuickStart Guide
04-724-877348-20240325
TABLE OF CONTENTS
Introduction 5
Supported installation platforms 5
Requirements for managing Chromebooks 5
Required services and ports 5
Deployment options 9
Chromebook setup 10
Install preparation for managing Chromebooks 11
How FortiClient EMS and FortiClient work with Chromebooks 11
Installation 13
Downloading the installation file 13
Installing FortiClient EMS 13
Licensing EMS by logging in to FortiCloud 15
Applying a trial license to FortiClient EMS 15
Applying paid licenses to FortiClient EMS 15
Starting FortiClient EMS and logging in 19
Configuring EMS after installation 19
Windows, macOS, and Linux endpoint management setup 21
Configuring user accounts 21
Creating a new profile 22
Adding a FortiClient deployment package 23
Deploying the FortiClient deployment package to endpoints 26
Viewing endpoints 26
Viewing the Endpoints pane 26
Using the quick status bar 33
Viewing endpoint details 34
FortiClient EMS for Chromebooks setup 35
Google Admin Console setup 35
Logging into the Google Admin console 35
Adding the FortiClient Web Filter extension 36
Configuring the FortiClient Web Filter extension 36
Adding root certificates 37
Disabling access to Chrome developer tools 40
Disallowing incognito mode 40
Disabling guest mode 40
Blocking the Chrome task manager 41
Service account credentials 41
Configuring default service account credentials 41
Configuring unique service account credentials 42
Adding SSL certificates 51
Adding an SSL certificate to FortiClient EMS for Chromebook endpoints 51
Adding SSL certificates to FortiAnalyzer 52
Adding a Google domain 52
Configuring Chromebook profiles 52
FortiClient EMS 7.2.4 QuickStart Guide 3
Fortinet Inc.
Adding a new Chromebook profile 52
Enabling and disabling Safe Search 53
Adding a Chromebook policy 54
Viewing domains 55
Viewing the Google Users pane 55
Viewing user details 56
Change log 58
FortiClient EMS 7.2.4 QuickStart Guide 4
Fortinet Inc.
Introduction
This guide describes how to install and set up FortiClient Endpoint Management Server (EMS) for the first time. You can
use FortiClient EMS to deploy and manage FortiClient endpoints. This guide also describes how to set up the Google
Admin console to use the FortiClient Web Filter extension. Together the products also provide web filtering for Google
Chromebook users.
An informative video introducing you to FortiClient EMS is available in the Fortinet Video
Library.
Supported installation platforms
You can install FortiClient EMS on Microsoft Windows Server 2019 or newer.
For information about minimum system requirements and supported platforms, see Product
integration and support.
Requirements for managing Chromebooks
Using FortiClient EMS for managing Chromebooks requires the following components and knowledge:
l FortiClient EMS installer
l FortiClient Web Filter extension available in the Google Web Store for Chrome OS
l Google Workspace account
l Knowledge of administering the Google Admin console
l Domain configured in the Google Admin console
l SSL certificates to support communication between FortiClient Web Filter extension and the following products:
l FortiClient EMS
l FortiAnalyzer for logging, if using
l Unique set of service account credentials
Required services and ports
You must ensure that you enable required ports and services for use by FortiClient EMS and its associated applications
on your server. The required ports and services enable FortiClient EMS to communicate with endpoints and servers
FortiClient EMS 7.2.4 QuickStart Guide 5
Fortinet Inc.
Introduction
running associated applications. You do not need to enable ports 8013 and 10443 as the FortiClient EMS installation
opens these.
Communication Usage Protocol Port Incoming/Outgoing How to
customize
FortiClient FortiClient endpoint TCP 8013 Incoming Installer/GUI
Telemetry management (default)
Active Directory Retrieving workstation TCP 389 Outgoing GUI
server connection and user information (LDAP) or
636
(LDAPS)
FortiClient Downloading FortiClient TCP 10443 Incoming Installer
download deployment packages (default)
that FortiClient EMS
created
Web Filter custom Downloading custom TCP 10443 Incoming N/A
page download Web Filter pages that the (default)
administrator created in
EMS
Antivirus (AV) Downloading AV allowlist TCP 10443 Incoming N/A
allowlist signature signatures. (default)
download
Apache/HTTPS Web access to FortiClient TCP 443 Incoming Installer
EMS
Also required for the
ACME feature.
SMTP server/email Alerts for FortiClient EMS TCP 25 Outgoing GUI
and endpoint events. (default)
When an alert is
triggered, EMS sends an
email notification.
FortiClient FortiClient EMS uses ICMP N/A Outgoing N/A
endpoint probing ICMP for endpoint
probing during FortiClient
initial deployment.
Communication EMS is the server that TCP 8015 Incoming N/A
with FortiOS opens up the port for
FortiOS to connect to as a
client.
FortiClient EMS 7.2.4 QuickStart Guide 6
Fortinet Inc.
Introduction
Communication Usage Protocol Port Incoming/Outgoing How to
customize
ACME EMS can use certificates TCP 80 Incoming N/A
that Let's Encrypt and
other certificate
management services
that use the ACME
protocol manage.
This feature also requires
port 443.
See Adding an SSL
certificate to FortiClient
EMS.
License FortiCare login TCP 443 Outgoing N/A
synchronization (support.fortinet.com) to
synchronize licenses
FortiCloud FortiCloud services TCP 443 Outgoing N/A
(forticlient.forticloud.com)
SCEP service Installing zero trust TCP 40001, Incoming N/A
network access certificate 40002
The following ports and services only apply when using FortiClient EMS to manage Chromebooks:
Communication Usage Protocol Port Incoming/Outgoing How to
customize
FortiClient on Connecting to TCP 8443 Incoming GUI
Chrome OS FortiClient EMS (default)
You can
customize
this port.
Google Workspace Retrieving Google TCP 443 Outgoing N/A
API/Google domain domain information
directory using API calls
You should enable the following ports and services for use on Chromebooks when using FortiClient for Chromebooks:
Communication Usage Protocol Port Incoming/Outgoing How to
customize
FortiClient EMS Connecting to the TCP 8443 Outgoing Via Google
profile server (default) Admin
console when
adding the
profile
FortiGuard Rating URLs TCP 443, 3400 Outgoing N/A
FortiClient EMS 7.2.4 QuickStart Guide 7
Fortinet Inc.
Introduction
FortiClient EMS connects to FortiGuard to download AV and vulnerability scan engine and signature updates and
FortiClient and EMS installer downloads. FortiClient EMS can connect to legacy FortiGuard or FortiGuard Anycast. The
following table summarizes required services for FortiClient EMS to communicate with FortiGuard:
Usage Server URL Proto Por Incoming/Out How to
col t going custom
ize
Global U.S. Europe
AV/vulnera forticlient.fortinet usforticlient.forti N/A TCP 80 Outgoing N/A
bility .net net.net
signature myforticlient.forti
update and net.net
FortiClient
installer
downloads
AV/vulnera fctupdate.fortine fctusupdate.forti fcteuupdate.forti TCP 443 Outgoing N/A
bility t.net net.net net.net
signature
updates
with
FortiGuard
Anycast
and
FortiClient
installer
package
download
FortiClient EMS can also connect to FortiClient Cloud Sandbox (SaaS) for integration with FortiSandbox. The following
table summarizes required services for FortiClient EMS to communicate with FortiClient Cloud Sandbox (SaaS):
Usage Server URL Protocol Port Incoming/Outgoing How to
customize
FortiClient aptctrl1.fortinet.com TCP 443 (default) Outgoing N/A
EMS Cloud
Sandbox
(SaaS)
connection
For the list of required services and ports for FortiClient, see the FortiClient Administration
Guide.
FortiClient EMS 7.2.4 QuickStart Guide 8
Fortinet Inc.
Introduction
Deployment options
FortiClient EMS supports the following deployment scenarios: participating in the Fortinet Security Fabric or standalone.
Security Fabric
This deployment requires a FortiGate and supports NAC. In this scenario, FortiClient Telemetry connects to EMS to
receive a profile of configuration information as part of an endpoint policy. EMS connects to FortiGate to participate in the
Security Fabric and allow endpoints to participate in the Fabric. The FortiGate can also receive dynamic endpoint group
lists from EMS and use them to build dynamic firewall policies. Depending on the EMS Zero Trust tagging rules and
policies configured in FortiOS, the FortiClient endpoint may be blocked from accessing the network.
FortiClient EMS 7.2.4 QuickStart Guide 9
Fortinet Inc.
Introduction
Standalone
Standalone mode does not require a FortiGate. In standalone mode, EMS deploys FortiClient on endpoints, and
endpoints connect Telemetry to EMS to receive configuration information from EMS. EMS also sends Zero Trust tagging
rules to FortiClient, and uses the results from FortiClient to dynamically group endpoints in EMS. You use EMS to
deploy, configure, and monitor FortiClient endpoints.
Chromebook setup
The following sections only apply if you plan to use FortiClient EMS to manage Chromebooks:
FortiClient EMS 7.2.4 QuickStart Guide 10
Fortinet Inc.
Introduction
Install preparation for managing Chromebooks
Google Workspace account
You must sign up for your Google Workspace (formerly G Suite) account before you can use the Google service and
manage your Chromebook users.
The Google Workspace account is different from the free consumer account. The Google Workspace account is a paid
account that gives access to a range of Google tools, services, and technology.
You can sign up for a Google Workspace account here.
In the signup process, you must use your email address to verify your Google domain. This also proves you have
ownership of the domain.
SSL certificates
FortiClient EMS requires an SSL certificate signed by a Certificate Authority (CA) in pfx format. Use your CA to generate
a certificate file in pfx format, and remember the configured password. For example, the certificate file name is server.pfx
with password 111111.
The server where you installed FortiClient EMS should have an FQDN, such as ems.forticlient.com, and you must
specify the FQDN in your SSL certificate.
If you are using a public SSL certificate, the FQDN can be included in Common Name or Subject Alternative Name. You
must add the SSL certificate to FortiClient EMS. See Adding an SSL certificate to FortiClient EMS. You do not need to
add the root certificate to the Google Admin console.
If you are using a self-signed certificate (non-public SSL certificate), your certificate's Subject Alternative Name must
include DNS:<FQDN>, for example, DNS:ems.forticlient.com. You must add the SSL certificate to FortiClient EMS
and the root certificate to the Google Admin console to allow the extension to trust FortiClient EMS. See Adding root
certificates on page 37.
How FortiClient EMS and FortiClient work with Chromebooks
After you install and configure FortiClient EMS, the Google Admin console, and the FortiClient Web Filter extension, the
products work together to provide web filtering security for Google Chromebook users logged into the Google domain.
Following is a summary of how the products work together after setup is complete:
1. A user logs into the Google Chromebook.
2. The Google Chromebook downloads the FortiClient Web Filter extension.
3. FortiClient connects to FortiClient EMS.
4. FortiClient downloads a profile to the Google Chromebook. The profile contains web filtering settings from
FortiClient EMS.
5. The user browses the internet on the Google Chromebook.
6. FortiClient sends the URL query to the Fortinet Ratings Server.
7. The Fortinet Ratings Server returns the category result to FortiClient. FortiClient compares the category result with
the profile to determine whether to allow the Google Chromebook user to access the URL.
FortiClient EMS 7.2.4 QuickStart Guide 11
Fortinet Inc.
Introduction
FortiClient EMS 7.2.4 QuickStart Guide 12
Fortinet Inc.
Installation
FortiClient EMS is necessary to install on endpoints. For a complete endpoint solution, use FortiClient EMS for central
management and provisioning of endpoints.
Following is a summary of how to install and start FortiClient EMS:
1. Download the installation file. See Downloading the installation file on page 13.
2. Install FortiClient EMS. See Installing FortiClient EMS on page 13.
3. Start FortiClient EMS and log in. See Starting FortiClient EMS and logging in on page 19.
For information about upgrading FortiClient EMS, see the FortiClient EMS Release Notes.
A video on how to install, log in, and change your administrator password is available in the
Fortinet Video Library.
Downloading the installation file
FortiClient EMS is available for download from the Fortinet Support website.
You can also receive the installation file from a sales representative.
The following installation file is available for FortiClient EMS:
FortiClientEndpointManagement_7.2.4.<build>_x64.exe
For information about obtaining FortiClient EMS, contact your Fortinet reseller.
Installing FortiClient EMS
The FortiClient EMS installation package includes:
l FortiClient EMS
l Microsoft SQL Server 2017 Express Edition
l Apache HTTP server
Installing FortiClient EMS requires local administrator rights. Internet access is recommended,
but optional, during installation. SQL Server may require some dependencies to be
downloaded over the internet. EMS also tries to download information about FortiClient
signature updates from FortiGuard.
FortiClient EMS 7.2.4 QuickStart Guide 13
Fortinet Inc.
Installation
To install EMS:
1. Do one of the following:
a. If you are logged into the system as an administrator, double-click the downloaded installation file.
b. If you are not logged in as an administrator, right-click the installation file, and select Run as administrator.
2. If applicable, select Yes in the User Account Control window to allow the program to make changes to your system.
3. In the installation window, select I agree to the license terms and conditions if you agree with the license terms and
conditions. If you do not agree, you cannot install the software.
4. (Optional) Click Options to specify a custom directory for the FortiClient EMS installation.
a. Click Browse to locate and select the custom directory.
b. Click OK to return to the installation wizard.
5. Click Install.
The installation may take 30 minutes or longer. It may appear to stop at times, but this is only because certain steps
in the installation process take longer than others.
FortiClient EMS 7.2.4 QuickStart Guide 14
Fortinet Inc.
Installation
6. When the program has installed correctly, the Success window displays. Click Close.
A FortiClient Endpoint Management Server icon is added to the desktop.
Licensing EMS by logging in to FortiCloud
You must license FortiClient EMS to use it for endpoint management and provisioning.
Applying a trial license to FortiClient EMS
To apply a trial license to FortiClient EMS:
The following steps assume that you have already acquired an EMS installation file from FortiCloud or a Fortinet sales
representative for evaluation purposes and installed EMS.
1. In EMS, in the License Information widget, click Add beside FortiCloud Account.
2. In the FortiCloud Registration dialog, enter your FortiCloud account credentials. If you do not have a FortiCloud
account, create one.
3. Read and accept the license agreement terms.
4. Click Login & Sync License Now. If your FortiCloud account is eligible for an EMS trial license, the License
Information widget updates with the trial license information, and you can now manage three Windows, macOS,
Linux, iOS, and Android endpoints indefinitely.
Applying paid licenses to FortiClient EMS
To apply a paid license to FortiClient EMS:
The following steps assume that you have already purchased and acquired your EMS and FortiClient licenses from a
Fortinet reseller.
1. Log in to your FortiCloud account on Customer Service & Support.
2. Go to Asset Management.
3. Click Register More.
4. In the Registration Code field, enter the Contract Registration Code from your service registration document.
Configure other fields as required, then click Next.
FortiClient EMS 7.2.4 QuickStart Guide 15
Fortinet Inc.
Installation
5. Do one of the following:
a. If this is the first license that you are applying to this EMS server, do the following:
i. Click Register.
ii. In the Hardware ID field, enter the hardware ID found in Dashboard > Status > License Information widget
> Config License in EMS. If you register the license prior to installing EMS, you must enter the hardware
ID after installation. Configure other fields as required, then click Next.
iii. Complete the registration, then click Confirm.
iv. In EMS, go to Dashboard > Status > License Information widget > Config License.
v. For License Source, select FortiCare.
vi. In the FortiCloud Account field, enter your FortiCloud account ID or email address.
vii. In the Password field, enter your FortiCloud account password.
viii. Click Login & Update License. Once your account information is authenticated, EMS updates the
Configure License page with the serial number and license information that it retrieved from FortiCloud.
b. As the FortiClient EMS Administration Guide describes, you can apply multiple license types to the same EMS
server. For example, if you have already applied an EPP license to your EMS server, you can apply another
license type, such as a ZTNA license, to the same EMS server. If desired, add another license type:
i. On the Registration Confirmation page, when applying an additional license type, you must select Renew
on the contract registration screen, regardless of the license types of the first and subsequent licenses.
Selecting Renew combines the new license with any existing licenses for the EMS server and allows you
to add the new license type to EMS while retaining previously applied license(s).
When applying an additional license type to EMS, selecting Register instead of
Renew creates an additional license file instead of combining the new license with
the existing license(s). You cannot apply the new and existing licenses to the same
EMS server.
FortiClient EMS 7.2.4 QuickStart Guide 16
Fortinet Inc.
Installation
ii. In the Serial Number field, enter the EMS serial number or select the EMS instance from the list. You can
find the serial number in Dashboard > Status > License Information widget > Configure License in EMS.
Click Next.
iii. Complete the registration, then click Confirm.
EMS reports the following information to FortiCare. FortiCloud displays this information in its dashboard and asset
management pages:
l EMS software version
l Number of FortiClient endpoints currently actively licensed under and being managed by this EMS
l Endpoint license expiry statuses. You can use this information to plan license renewals.
Using a second license to extend the license expiry date does not increase the number of
licensed clients. To increase the number of licensed clients, contact Fortinet Support for a co-
term contract.
If you previously activated another license with the same EMS hardware ID, you receive a
duplicated UUID error. In this case, contact Customer Support to remove the hardware ID from
the old license.
To apply multiple paid licenses to FortiClient EMS:
You may want to apply multiple paid licenses of the same type to at the same time. For example, if you want EMS to
manage 525 ZTNA endpoints, you can purchase two ZTNA licenses: one for 500 endpoints, and another for 25
endpoints. In this scenario, you need to register the licenses at the same time.
The following steps assume that you have already purchased and acquired your EMS and FortiClient licenses from a
Fortinet reseller.
1. Log in to your FortiCloud account on Customer Service & Support.
2. Go to Register Product.
3. In the Registration Code field, enter the Contract Registration Codes from your service registration documents.
Separate the codes with a comma. For example, to register the 3922U and 1057U codes in the following
screenshots, you would enter 3922U,1057U in the Registration Code field. Configure other fields as required, then
click Next.
FortiClient EMS 7.2.4 QuickStart Guide 17
Fortinet Inc.
Installation
4. Do one of the following:
a. If these are the first licenses that you are applying to this EMS server, do the following:
i. Click Register.
ii. In the Hardware ID field, enter the hardware ID found in Dashboard > Status > License Information widget
> Configure License in EMS. If you register the licenses prior to installing EMS, you must enter the
hardware ID after installation. Configure other fields as required, then click Next.
iii. Complete the registration, then click Confirm.
iv. In EMS, go to Dashboard > Status > License Information widget > Configure License.
v. For License Source, select FortiCare.
vi. In the FortiCloud Account field, enter your FortiCloud account ID or email address.
vii. In the Password field, enter your FortiCloud account password.
viii. Click Login & Update License. Once your account information is authenticated, EMS updates the
Configure License page with the serial number and license information that it retrieved from FortiCloud.
b. As described in the FortiClient EMS Administration Guide, you can apply multiple license types to the same
EMS server. For example, if you have already applied an EPP license to your EMS server, you can apply other
license types, such as a ZTNA license, to the same EMS server. If desired, add another license type:
i. On the Registration Confirmation page, when applying an additional license type, you must select Renew
on the contract registration screen, regardless of the license types of the first and subsequent licenses.
Selecting Renew combines the new licenses with any existing licenses for the EMS server and allows you
to add the new license types to EMS while retaining previously applied license(s).
When applying an additional license types to EMS, selecting Register instead of
Renew creates an additional license file instead of combining the new licenses with
the existing license(s). You cannot apply the new and existing licenses to the same
EMS server.
ii. In the Serial Number field, enter the EMS serial number or select the EMS instance from the list. You can
find the serial number in Dashboard > Status > License Information widget > Configure License in EMS.
Click Next.
iii. Complete the registration, then click Confirm.
EMS reports the following information to FortiCare. FortiCloud displays this information in its dashboard and asset
management pages:
FortiClient EMS 7.2.4 QuickStart Guide 18
Fortinet Inc.
Installation
l EMS software version
l Number of FortiClient endpoints currently actively licensed under and being managed by this EMS
l Endpoint license expiry statuses. You can use this information to plan license renewals.
Using a second license to extend the license expiry date does not increase the number of
licensed clients. To increase the number of licensed clients, contact Fortinet Support for a co-
term contract.
If you previously activated another license with the same EMS hardware ID, you receive a
duplicated UUID error. In this case, contact Customer Support to remove the hardware ID from
the old license.
Starting FortiClient EMS and logging in
FortiClient EMS runs as a service on Windows computers.
To start FortiClient EMS and log in:
1. Double-click the FortiClient Endpoint Management Server icon.
2. By default, the admin user account has no password. Sign in with the username admin and no password.
3. You must now EMS add a password for increased security. Change the password following the rules shown. Click
Submit.
4. EMS displays a popup after login in the following scenarios:
l If you did not import a secure SSL certificate. See Server Certificates.
l If you imported a secure SSL certificate to EMS, but configure it in Endpoint Control certificate. See Configuring
EMS settings.
Configuring EMS after installation
You can configure a fully qualified domain name (FQDN) for EMS.
FortiClient EMS 7.2.4 QuickStart Guide 19
Fortinet Inc.
Installation
FortiClient's connection to EMS is critical to managing endpoint security. Managing this is relatively easy for internal
devices. For external devices or devices that may leave the internal network, you must consider how to maintain this
connection. FortiClient can connect to EMS using an IP address or FQDN. An FQDN is preferable for the following
reasons:
l Easy to migrate EMS to a different IP address
l Easy to migrate to a different EMS instance
l Flexible to dynamically resolve the FQDN
The third reason is particularly valuable for environments where devices may be internal or external from day to day.
When using an FQDN, you can configure your internal DNS servers to resolve the FQDN to the EMS internal IP address
and register your external IP address with public DNS servers. You must then configure the device with your external IP
address to forward communication received on port 8013 to your EMS internal IP address. This allows your external
clients to leverage a virtual IP address on the FortiGate so that they can reach EMS, while allowing internal clients to use
the same FQDN to reach EMS directly.
Alternatively, you can use a private IP address for the connection. This configuration requires external clients to
establish a VPN connection to reach the EMS (VPN policies permitting). This configuration can be problematic if all
endpoints need an urgent update but some are disconnected from VPN at that time.
You can also configure FortiClient EMS so that you can access it remotely using a web browser instead of the GUI.
To enable remote access to FortiClient EMS:
1. Go to System Settings > EMS Settings.
2. Enable Use FQDN. In the FQDN field, enter the desired FQDN.
3. If desired, in the Custom hostname field, enter the hostname or IP address. Otherwise, EMS uses the Pre-defined
hostname.
4. If desired, select the Redirect HTTP request to HTTPS checkbox. If this option is enabled, if you attempt to remotely
access EMS at http://<server_name>, this automatically redirects to https://<server_name>.
5. Click Save.
To remotely access FortiClient EMS:
l To access EMS from the EMS server, visit https://localhost
l To access the server remotely, use the server's hostname: https://<server_name>
Ensure you can ping <server_name> remotely. You can achieve this by adding it into a DNS entry or to the
Windows hosts file. You may need to modify the Windows firewall rules to allow the connection.
FortiClient EMS 7.2.4 QuickStart Guide 20
Fortinet Inc.
Windows, macOS, and Linux endpoint management setup
This section describes how to set up FortiClient EMS for Windows, macOS, and Linux endpoint management. It provides
an overview of using FortiClient EMS and FortiClient EMS integrated with FortiGate.
Following is a summary of how to use FortiClient EMS:
1. Configure user accounts. See Configuring user accounts on page 21.
2. Create an endpoint profile. See Creating a new profile on page 22.
3. Add a FortiClient deployment package to EMS and configure it with the profile that you created in step 3. See
Adding a FortiClient deployment package on page 23.
4. Deploy the FortiClient deployment package. See Deploying the FortiClient deployment package to endpoints on
page 26.
Depending on the selected profile's configuration, FortiClient is installed on the endpoints to which the profile is
applied.
After FortiClient installation, the endpoint connects FortiClient Telemetry to FortiClient EMS to receive the profile
configuration and complete endpoint management setup.
5. View the endpoint status. See Viewing endpoints on page 26.
Configuring user accounts
You can configure Windows and LDAP users to have no access or administrator access to FortiClient EMS. You can
also create a new user account in EMS.
EMS derives the Windows users from the host server that it is installed on. To add more Windows users, you must add
them to the host server. EMS derives the list of LDAP users from those in the Active Directory (AD) domain imported into
FortiClient EMS. To add more LDAP users, they must already exist in the AD domain configured as the user server.
To configure Windows and LDAP user accounts:
1. Go to Administration > Admin Users.
2. Click the Add button.
3. Under User source, select Choose from Windows users or Choose from LDAP.
4. If you selected Choose from LDAP, select the desired server from the Authentication Server dropdown list. You
must have already configured an authentication server.
5. Click Next.
FortiClient EMS 7.2.4 QuickStart Guide 21
Fortinet Inc.
Windows, macOS, and Linux endpoint management setup
6. Configure the user:
Option Description
Username (New user account only) enter the desired username.
User (Windows/LDAP only) Select the user to configure permissions for.
Role Select the desired admin role for this user.
Domain Select or add access to a domain for the user. If desired, enable Allow all domains to allow this
Access user access to all domains connected to EMS.
Restrict When this option is enabled, users can only log into this account from a trusted host machine.
Login to In the Trusted Hosts field, enter a trusted host machine's IP address. Use the + button to add
Trusted multiple trusted host machines.
Hosts
Comment Enter optional comments/information for the Windows/LDAP user.
7. Click Save.
When an admin user from an AD domain logs into EMS, they must provide the domain name
as part of their username to log in successfully. For example, if the domain name is "example-
domain" and the username is "admin", the user must enter "example-domain/admin" when
logging into EMS.
Creating a new profile
This section describes how to create a profile. You can use this profile to configure FortiClient software on endpoints by
including it in an endpoint policy and deploying the policy to endpoints.
To create a profile to configure FortiClient:
1. Go to Endpoint Profiles.
2. Select the desired profile type.
3. Click the Add button.
4. Do one of the following:
a. To create a Windows, macOS, and Linux profile, click Add Profile.
b. To create a Chromebook profile, click Add Chrome Profile.
5. Configure the settings as desired.
6. Click Save to save the profile.
FortiClient EMS 7.2.4 QuickStart Guide 22
Fortinet Inc.
Windows, macOS, and Linux endpoint management setup
Adding a FortiClient deployment package
After you add a FortiClient deployment package to FortiClient EMS, you cannot edit it. You can
delete the deployment package from FortiClient EMS, and edit the deployment package
outside of FortiClient EMS. You can then add the edited deployment package to FortiClient
EMS.
To add a deployment package:
1. Go to Deployment & Installers > FortiClient Installer.
2. Click Add.
3. On the Version tab, set the following options:
Installer Type Use an official or custom FortiClient installer.
x86 (32-bit) Windows installers are only available in EMS for backward
compatibility with FortiClient 7.0. Using x86 (32-bit) installers for installation is
not recommended.
When using a custom FortiClient installer, you can select from a list of
previously uploaded installers, or upload a new custom installer. You can also
remove previously created installers.
To upload a new custom FortiClient installer, enter the desired name, then
upload 64-bit Window and/or macOS custom installers. You can download
FortiClient installers to use with FortiClient EMS from Fortinet Customer
Service & Support. This requires a support account with a valid support
contract. You can also download installers from FortiClient.com. Download the
Windows or macOS installation file. The installation files on the Fortinet
Customer Service & Support and FortiClient.com websites are not available in
.msi or .zip format. You must package the installer as an .msi or .zip file to
upload it.
Release Select the FortiClient release version to install.
Patch Select the specific FortiClient patch version to install.
Keep updated to the latest Enable EMS to repackage EMS-created FortiClient deployment package to
patch the latest patch release.
4. Click Next. On the General tab, set the following options:
Name Enter the FortiClient deployment package name.
Notes (Optional) Enter notes about the FortiClient deployment package.
5. Click Next. On the Features tab, set the following options:
Available options may differ depending on the features you have enabled or disabled in
Feature Select. See Feature Select.
FortiClient EMS 7.2.4 QuickStart Guide 23
Fortinet Inc.
Windows, macOS, and Linux endpoint management setup
Zero Trust Telemetry Enabled by default and cannot be disabled. Installs FortiClient with Telemetry
enabled.
Secure Access Architecture Install FortiClient with SSL and IPsec VPN enabled. Disable to omit SSL and
Components IPsec VPN support from the FortiClient deployment package.
If you enable this feature for a deployment package and include a
preconfigured VPN tunnel in the included endpoint profile, users who use this
deployment package to install FortiClient can connect to this preconfigured
VPN tunnel for three days after their initial FortiClient installation. This is useful
for remote users, as it allows them to connect to the corporate network to
activate their FortiClient license. If the user does not activate their FortiClient
license within the three days, all FortiClient features, including VPN, stop
working on their device.
Vulnerability Scan Enabled by default and cannot be disabled. Installs FortiClient with
Vulnerability Scan enabled.
Advanced Persistent Threat Install FortiClient with APT components enabled. Disable to omit APT
(APT) Components components from the FortiClient deployment package. Includes FortiSandbox
detection and quarantine features.
Additional Security Features Enable any of the following features:
l Malware
l AntiVirus, Anti-Exploit, Removable Media Access
l Anti-Ransomware
l Cloud Based Malware Outbreak Detection
l Web Filtering
l Application Firewall
l Single Sign-On mobility agent
l Zero Trust Network Access. Note that the zero trust network access
feature is always installed on a macOS endpoint, regardless of whether
this option is enabled or disabled.
l Privilege Access Management
Disable to exclude features from the FortiClient deployment package.
If you enable a feature in the deployment package that is disabled in Feature Select, the feature is installed on the
endpoint, but is disabled and does not appear in the FortiClient GUI. For example, when Web Filter is disabled in
Feature Select, if you enable Web Filtering in a deployment package, the deployment package installs Web Filter on
the endpoint. However, the Web Filter feature is disabled on the endpoint and does not appear in the FortiClient
GUI.
6. Click Next. On the Advanced tab, set the following options:
Enable desktop shortcut Configure the FortiClient deployment package to create a desktop shortcut on
the endpoint.
Enable start menu shortcut Configure the FortiClient deployment package to create a Start menu shortcut
on the endpoint.
FortiClient EMS 7.2.4 QuickStart Guide 24
Fortinet Inc.
Windows, macOS, and Linux endpoint management setup
Enable Installer ID Configure an installer ID. Select an existing installer ID or enter a new installer
ID. If creating an installer ID, select a group path or create a new group in the
Group Path field. FortiClient EMS automatically groups endpoints according to
installer ID group assignment rules.
If you manually move the endpoint to another group after EMS places it into
the group defined by the installer ID group assignment rule, EMS returns the
endpoint to the group defined by the installer ID group assignment rule.
In an environment with a large number of endpoints, since you can configure
each deployment package with only one installer ID, it may be inefficient to
create a deployment package for each installer ID.
Enable Endpoint VPN Profile Select an endpoint VPN profile to include in the installer. EMS applies the VPN
profile to the endpoint once it has installed FortiClient. This option is necessary
if users require VPN connection to connect to EMS.
Enable Endpoint System Select an endpoint system profile to include in the installer. EMS applies the
Profile system profile to the endpoint once it has installed FortiClient. This option is
necessary if it is required to have certain security features enabled prior to
contact with EMS.
Invalid Certificate Action Select the action to take when FortiClient attempts to connect to EMS with an
invalid certificate:
l Warn: warn the user about the invalid server certificate. Ask the user
whether to proceed with connecting to EMS, or terminate the connection
attempt. FortiClient remembers the user's decision for this EMS, but
displays the warning prompt if FortiClient attempts to connect to another
EMS (using a different EMS FQDN/IP address and certificate) with an
invalid certificate.
l Allow: allows FortiClient to connect to EMS with an invalid certificate.
l Deny: block FortiClient from connecting to EMS with an invalid certificate.
7. Click Next. The Telemetry tab displays the hostname and IP address of the FortiClient EMS server, which manage
FortiClient once it is installed on the endpoint.
8. Click Finish. The FortiClient deployment package is added to FortiClient EMS and displays on the Deployment
Installers > FortiClient Installer pane. The deployment package may include .exe (32-bit and 64-bit), .msi, and .dmg
files depending on the configuration. The following shows an example of a deployment package that includes .exe,
.msi, and .dmg files. The end user can download these files to install FortiClient on their machine with the desired
configuration.
If the Sign software packages option is enabled in System Settings > EMS Settings, Windows
deployment packages display as being from the publisher specified in the certificate file. See
the FortiClient EMS Administration Guide.
FortiClient EMS 7.2.4 QuickStart Guide 25
Fortinet Inc.
Windows, macOS, and Linux endpoint management setup
Deploying the FortiClient deployment package to endpoints
To deploy the FortiClient deployment package to endpoints:
Deploy the FortiClient deployment package to desired endpoints using one of the following:
l SCCM: see Deploy applications with Configuration Manager.
l GPO: Use Group Policy to remotely install software.
Viewing endpoints
After you add endpoints to FortiClient EMS, you can view the list of endpoints in a domain or workgroup in the Endpoints
pane. You can also view details about each endpoint and use filters to access endpoints with specific qualities.
Viewing the Endpoints pane
You can view information about endpoints in Endpoints.
To view the Endpoints pane:
1. Go to Endpoints, and select All Endpoints, a domain, or workgroup. The list of endpoints, a quick status bar, and a
toolbar display in the content pane.
Not Installed Number of endpoints that do not have FortiClient installed. Click to display the
list of endpoints without FortiClient installed.
Not Registered Number of endpoints that are not connected to FortiClient EMS. Click to
display the list of disconnected endpoints.
Out-Of-Sync Number of endpoints with an out-of-sync profile. Click to display the list of
endpoints with out-of-sync profiles.
Security Risk Number of endpoints that are security risks. Click to display the list of
endpoints that are security risks.
Quarantined Number of endpoints that EMS has quarantined. Click to display the list of
quarantined endpoints.
Endpoints Click the checkbox to select all endpoints displayed in the content pane.
Show/Hide Heading Click to hide or display the following column headings: Device, User, IP,
Configurations, Connections, and Alerts and Events.
Show/Hide Full Group Path Click to hide or display the full path for the group that the endpoint belongs to.
Refresh Click to refresh the list of endpoints.
Search All Fields Enter a value and press Enter to search for the value in the list of endpoints.
Filters Click to display and hide filters you can use to filter the list of endpoints.
FortiClient EMS 7.2.4 QuickStart Guide 26
Fortinet Inc.
Windows, macOS, and Linux endpoint management setup
Device Visible when headings are displayed. Displays an icon to represent the OS on
the endpoint, the hostname, and the endpoint group.
User Visible when headings are displayed. Displays the name and icon of the user
logged into the endpoint. Also displays the endpoint status:
l Online: endpoint has been seen within less than three keep alive
timeouts.
l Away: endpoint has been offline for less than eight hours.
l Offline: endpoint has been offline for more than eight hours.
l Never Seen: endpoint has never been registered to EMS.
When using user-based licensing, you can use the dropdown list to view all
registered users for this endpoint. The dropdown list displays the verified user
and device username.
IP Visible when headings are displayed. Displays the endpoint IP address.
Configurations Visible when headings are displayed. Displays the name of the policy
assigned to the endpoint and its synchronization status.
Connections Visible when headings are displayed. Displays the connection status between
FortiClient and FortiClient EMS. If the endpoint is connected to a FortiGate,
displays the FortiGate hostname.
Alerts and Events Visible when headings are displayed. Displays FortiClient alerts and events for
the endpoint.
2. Click an endpoint to display its details in the content pane. The following dropdown lists display in the toolbar for the
selected endpoint:
Scan Click to start a Vulnerability or AV scan on the selected endpoint.
Patch Click to patch all critical and high vulnerabilities on the selected endpoint.
Choose one of the following options:
l Selected Vulnerabilities on Selected Clients
l Selected Vulnerabilities on All Affected Clients
l All Critical and High Vulnerabilities
Move to Move the endpoint to a different group.
FortiClient EMS 7.2.4 QuickStart Guide 27
Fortinet Inc.
Windows, macOS, and Linux endpoint management setup
Action Click to perform one of the following actions on the selected endpoint:
l Request FortiClient Logs
l Request Diagnostic Results
l Update Signatures
l Download Available FortiClient Logs
l Download Available Diagnostic Results
l Deregister
l Quarantine
l Un-quarantine
l Exclude from Management
l Revoke Client Certificate. This action is only available if the ZTNA or EPP
license is applied and for endpoints running FortiClient 7.0.0 and later
versions. Revoke the certificate that FortiClient is using to securely
encrypt and tunnel TCP traffic through HTTPS to the FortiGate. You may
want to revoke a certificate if it becomes compromised and can no longer
be trusted. When a certificate is revoked, EMS prompts FortiOS and
FortiClient with a new certificate signing request.
l Clear Events
l Mark as Uninstalled
l Set Importance
l Set Custom Tags. This option is only available if you have already created
a custom tag.
l Delete Device
l Send Message. See Send endpoints one-way message 7.2.1.
The following tabs are available in the content pane toolbar when you select an endpoint, depending on which
FortiClient features are installed on the endpoint and enabled via the assigned profile:
Summary
<user name> Displays the name of the user logged into the selected endpoint. Also displays
the user's avatar, email address, and phone number if these are provided to
FortiClient on the endpoint. If the user's LinkedIn, Google, Salesforce, or other
cloud app account is linked in FortiClient, the username from the cloud
application displays. Also displays the group that the endpoint belongs to in
EMS.
Device Displays the selected endpoint's hostname. You can enter an alias if desired.
OS Displays the selected endpoint's operating system and version number.
IP Displays the selected endpoint's IP address.
MAC Displays the selected endpoint's MAC address.
Last Seen Displays the last date and time that FortiClient sent a keep-alive message to
EMS. This information is useful if FortiClient is offline because it indicates
when the last keep-alive message occurred.
FortiClient EMS 7.2.4 QuickStart Guide 28
Fortinet Inc.
Windows, macOS, and Linux endpoint management setup
Location Displays whether the selected endpoint is on- or off-fabric. You can also view
any on-fabric detection rules that the endpoint is applicable for.
Network Status Displays the following information for the networks that the endpoint is
connected to:
l MAC address
l IP address
l Gateway IP address
l Gateway MAC address
l SSID for Wi-Fi connections
Hardware Displays the hardware model, vendor, CPU, RAM, and serial number
Details information for the endpoint device, if available.
Zero Trust Tags Displays which tags have been applied to the endpoint based on the Zero
Trust tagging rules.
FortiGuard Displays which FortiGuard Outbreak tags have been applied to the endpoint
Outbreak based on the FortiGuard Outbreak Alerts service rules.
Detections
Connection Displays the connection status between the selected endpoint and FortiClient
EMS.
Configuration Displays the following information for the selected endpoint:
l Policy: Endpoint policy assigned to the selected endpoint
l Installer: FortiClient installer used for the selected endpoint.
l Progress: this field is intended to display deployment progress for a
FortiClient installer. However, it currently does not accurately display
deployment progress.
l FortiClient Version: FortiClient version installed on the selected endpoint.
l FortiClient Serial Number: Serial number for the selected endpoint's
FortiClient license.
l FortiClient ID
l ZTNA Serial Number: serial number for the zero trust network access
certificate provisioned to the endpoint.
l MDM Enrolled: whether the endpoint is enrolled on a mobile device
management (MDM) platform.
l MDM Deployment Status: whether a ZTNA certificate provisioned through
MDM has been installed on the endpoint.
Classification Displays classification tags that are currently assigned to the endpoint. You
Tags can also assign a classification tag to the endpoint. Classification tags include
the default importance level tags (low, medium, high, or critical), and custom
tags. An endpoint can only have one default importance tag assigned, but can
have multiple custom tags assigned. You can also unassign a tag from the
endpoint, and create, assign, or delete a custom tag. To create a new custom
tag, click the Add button, enter the desired tag, the click the + button. When
you create a tag, it is available for assignment to all endpoints in the current
site.
FortiClient EMS 7.2.4 QuickStart Guide 29
Fortinet Inc.
Windows, macOS, and Linux endpoint management setup
You can assign a classification tag to multiple endpoints by selecting the
endpoints, then selecting Action > Set Importance or Set Custom Tags.
Tags that FortiClient EMS receives from FortiAnalyzer also display under
Classification Tags.
Classification Displays Fabric classification tags that are currently assigned to the endpoint.
Tags - Fabric In a Fabric deployment, FortiEDR can detect suspicious or compromised
endpoint behavior, share that endpoint's security status with EMS, and tag the
affected endpoint on EMS. You can view these tags under Classification Tags
- Fabric. You can also unassign a tag from the endpoint. The following lists the
predefined tags for FortiEDR use:
l FortiEDR_Malicious: FortiEDR has classified this endpoint as malicious.
l FortiEDR_PUP: FortiEDR has detected a potentially unwanted program
on this endpoint.
l FortiEDR_Suspicious: FortiEDR has detected suspicious activity on this
endpoint.
l FortiEDR_Likely_Safe: FortiEDR has detected this endpoint as likely to
be safe.
l FortiEDR_Probably_Good: FortiEDR has determined that this endpoint
is not a safety risk.
See Identity Management integration.
Forensic Displays statuses for forensic analysis tasks:
Analysis l Ticket Status: status of the ticket. Possible statuses are:
l Request Submitted
l Pending: Forensic analysis request has been initiated. The
Forensics team has not yet assigned it to an analyst.
l Running
l In Progress: Forensics team has assigned the request to an analyst,
who has begun working on it.
l Failed: analyst could not connect to the endpoint.
l Cancelled: indicates one of the following:
l The analyst needed more information about the endpoint to
perform the analysis.
l The EMS administrator canceled the request.
l Completed: analyst has completed analysis on the endpoint and
shared the result in a PDF document. You can download the report
from the endpoint summary's Forensic Analysis section.
l Agent Status: status of the forensic agent collecting logs on the
endpoint. Possible statuses are:
l Pending: EMS has notified FortiClient that a forensic analysis
request is submitted, but the forensic agent is not running yet.
l Running: forensics agent starts collecting forensics logs.
l Collection Completed: forensics agent has completed collecting
forensics logs.
l Upload Started: FortiClient has started to upload the logs to the
cloud.
FortiClient EMS 7.2.4 QuickStart Guide 30
Fortinet Inc.
Windows, macOS, and Linux endpoint management setup
l Upload Completed: FortiClient has completed uploading the logs to
the cloud.
l Upload Failed: FortiClient failed to upload the logs to the cloud.
l Verdict: forensic analysis verdict as determined by the FortiGuard
analyst.
l Task ID: Request ID in the FortiGuard forensics system.
l Request Analysis: request forensic analysis on the endpoint. See
Requesting forensic analysis on an endpoint.
l Download Report: download the forensic analysis report.
Status Displays one of the following statuses:
l Managed: Endpoint is managed by EMS.
l Quarantined: If quarantined, displays access code. The user can enter
this access code in the affected endpoint's FortiClient to remove the
endpoint from quarantine.
l Excluded: Endpoint is excluded from management by EMS.
Features Displays which features are enabled for FortiClient.
Third Party Displays which third party features are installed and running on the endpoint.
Features This section includes the status of FortiEDR on the endpoint. This information
is only available for Windows endpoints.
Antivirus Events
Date Displays the AV event's date and time.
Count Displays the number of occurrences for this event.
Message Displays the AV event's message.
Actions Mark the event as read or delete it.
Cloud Scan Events
Date Displays the cloud-based malware detection event's date and time.
Count Displays the number of occurrences for this event.
Message Displays the cloud-based malware detection event's message.
Actions Mark the event as read or delete it.
Anti-Ransomware Events
Date Displays the anti-ransomware event's date and time.
Count Displays the number of occurrences for this event.
Message Displays the anti-ransomware event's message. The message may say that
FortiClient detected ransomware on the endpoint, or that FortiClient restored a
file that the detected ransomware encrypted.
Actions Mark the event as read or delete it.
FortiClient EMS 7.2.4 QuickStart Guide 31
Fortinet Inc.
Windows, macOS, and Linux endpoint management setup
AntiExploit
Events
Date Displays the AntiExploit event's date and time.
Count Displays the number of occurrences for this event.
Message Displays the AntiExploit event's message.
Actions Mark the event as read or delete it.
USB Device Events
Date Displays the USB device event's date and time.
Count Displays the number of occurrences for this event.
Message Displays the USB device event's message.
Actions Mark the event as read or delete it.
Sandbox Events
Date Displays the sandbox event's date and time.
Message Displays the sandbox event's message.
Rating Displays the file's risk rating as retrieved from FortiSandbox.
Checksum Displays the checksum for the file.
Download Download a PDF version of the detailed report.
Magnifying Click to view a more detailed report.
glass
Firewall Events
Date Displays the firewall event's date and time.
Count Displays the number of occurrences for this event.
Message Displays the firewall event's message.
Actions Mark the event as read or delete it.
Web Filter Events
Date Displays the web filter event's date and time.
Count Displays the number of occurrences for this event.
Message Displays the web filter event's message.
Actions Mark the event as read or delete it.
Videofilter
Events
Date Displays the video filter event's date and time.
Count Displays the number of occurrences for this event.
FortiClient EMS 7.2.4 QuickStart Guide 32
Fortinet Inc.
Windows, macOS, and Linux endpoint management setup
Message Displays the video filter event's message.
Actions Mark the event as read or delete it.
Vulnerability Events
Vulnerability Displays the vulnerability's name. For example, Security update available for
Adobe Reader.
Category Displays the vulnerability's category. For example, Third Party App.
Application Displays the name of the application with the vulnerability.
Severity Displays the vulnerability's severity.
Patch Type Displays the patch type for this vulnerability: Auto or Manual.
FortiGuard Displays the FortiGuard ID number. If you click the FortiGuard ID number, it
redirects you to FortiGuard where further information is provided if available.
PUA Events
Name Displays the potentially unwanted application (PUA) name.
Vendor Displays the PUA vendor name.
Version Displays the PUA version number.
Category Displays the PUA category that the application belongs to. PUA categories are
as follows:
l Illegal or unethical
l Cryptomining
l Hacking
l Unpopular
l Phishing
l Malicious
Date Displays the date that EMS detected the PUA. This column is available in
Events view.
Event Type Displays the event type, such as Detected (EMS detected the PUA) or
Uninstalled (the PUA was uninstalled from the endpoint). This column is
available in Events view.
System Events
Date Displays the system event's date and time.
Count Displays the number of occurrences for this event.
Message Displays the system event's message.
Actions Mark the event as read.
Using the quick status bar
You can use the quick status bar to quickly display filtered lists of endpoints on the Endpoints content pane.
FortiClient EMS 7.2.4 QuickStart Guide 33
Fortinet Inc.
Windows, macOS, and Linux endpoint management setup
To use the quick status bar:
1. Go to Endpoints.
2. Click All Endpoints, a domain, or workgroup.
The list of endpoints and quick status bar display.
3. Click one of the following buttons in the quick status bar:
l Not Installed
l Not Registered
l Out-Of-Sync
l Security Risk
l Quarantined
The list of affected endpoints displays.
4. Click an endpoint to display its details.
5. In the Events column, click the AV <number>, SB <number>, FW <number>, VUL<number>, WEB <number> and
SYS<number> buttons to display the associated tab of details for the selected endpoint.
6. Click the Total button to clear the filters. The unfiltered list of endpoints displays.
Viewing endpoint details
You can view each endpoint's details on the Endpoints content pane. For a description of the options on the Endpoints
content pane, see Viewing the Endpoints pane on page 26.
To view endpoint details:
1. Go to Endpoints, and select All Domains, a domain, or workgroup. The list of endpoints for the selected domain or
workgroup displays.
2. Click an endpoint to display details about it in the content pane. Details about the endpoint display in the content
pane.
FortiClient EMS 7.2.4 QuickStart Guide 34
Fortinet Inc.
FortiClient EMS for Chromebooks setup
FortiClient EMS for Chromebooks setup
This section describes how to set up FortiClient EMS for Chromebooks. Following is a summary of how to set up
FortiClient EMS for Chromebooks:
1. Add an SSL certificate. See Adding SSL certificates on page 51.
2. Add the Google domain. See Adding a Google domain on page 52.
3. Create an endpoint profile. See Adding a new Chromebook profile on page 52.
4. Create an endpoint policy configured with the endpoint profile. See Adding a Chromebook policy on page 54.
5. View the status. See Viewing domains on page 55.
Additional configuration procedures are also included in this section.
Google Admin Console setup
This section describes how to add and configure the FortiClient Web Filter extension on Chromebooks enrolled in the
Google domain.
Following is a summary of how to set up the Google Admin console:
1. Log into the Google Admin console. See Logging into the Google Admin console on page 35.
2. Add the FortiClient Web Filter extension. See Adding the FortiClient Web Filter extension on page 36.
3. Configure the FortiClient Web Filter extension. See Configuring the FortiClient Web Filter extension on page 36.
4. Add the root certificate. See Adding root certificates on page 37.
If you are using another Chromebook extension that uses external rendering servers, the
FortiClient Web Filter settings may be bypassed. Check with the third-party extension vendor if
this is the case.
Logging into the Google Admin console
Log into the Google Admin console using your Google domain admin account. The Admin console displays.
FortiClient EMS 7.2.4 QuickStart Guide 35
Fortinet Inc.
FortiClient EMS for Chromebooks setup
Adding the FortiClient Web Filter extension
FortiClient EMS software is unavailable for public use. You can only enable the feature using
the following extension ID: igbgpehnbmhgdgjbhkkpedommgmfbeao
To add the FortiClient Web Filter extension:
1. In the Google Admin console, go to Devices > Chrome > Settings > Users & browsers > Managed Guest Session
Settings.
2. On the left, select the organization that contains the desired users or enrolled browsers. To select all users and
browsers, select the top-level organization. Otherwise, select a child.
3. From the breadcrumbs, select the dropdown list beside Settings, and select Apps & extensions.
4. In the bottom right corner, hover over the + icon, then select Add Chrome app or extension by ID.
5. In the Extension ID field, enter the following extension ID: igbgpehnbmhgdgjbhkkpedommgmfbeao.
6. Click SAVE. The extension displays, with the Force install installation policy.
Configuring the FortiClient Web Filter extension
You must configure the FortiClient Chromebook Web Filter extension to enable the Google Admin console to
communicate with FortiClient EMS.
FortiClient EMS 7.2.4 QuickStart Guide 36
Fortinet Inc.
FortiClient EMS for Chromebooks setup
FortiClient EMS hosts the services that assign endpoint profiles of web filtering policies to groups in the Google domain.
FortiClient EMS also handles the logs and web access statistics that the FortiClient Web Filter extensions send.
FortiClient EMS is the profile server.
For instructions on configuring the extension for connection to FortiClient Cloud, see
Managing Chromebooks with FortiClient Cloud.
To configure the FortiClient Web Filter extension:
1. In FortiClient EMS, locate the server name and port by going to System Settings > EMS Settings.
2. Create a text file that contains the following text:
{
"ProfileServerUrl": { "Value": "https://< ProfileServer >:< port for Profile Server
>"}
}
For example:
{
"ProfileServerUrl": { "Value": "https://ems.mydomain.com:8443"}
}
3. In the Google Admin console, go to Devices > Chrome > Settings > Users & browsers.
4. On the left, select the organization that contains the desired users or enrolled browsers. To select all users and
browsers, select the top-level organization. Otherwise, select a child.
5. From the breadcrumbs, select the dropdown list beside Settings, and select Apps & extensions.
6. Click a domain or organizational unit (OU), then click the FortiClient Web Filter extension.
7. In the right pane, under Policy for extensions, paste the JSON content from step 2.
8. Click SAVE.
9. Go to Devices > Chrome > Apps & extensions to view your configured Chrome applications.
Adding root certificates
Communication with the FortiClient Chromebook Web Filter extension
The FortiClient Chromebook Web Filter extension communicates with FortiClient EMS using HTTPS connections. The
HTTPS connections require an SSL certificate. You must obtain an SSL certificate and add it to FortiClient EMS to allow
FortiClient EMS 7.2.4 QuickStart Guide 37
Fortinet Inc.
FortiClient EMS for Chromebooks setup
the extension to trust FortiClient EMS.
If you use a public SSL certificate, you only need to add the public SSL certificate to FortiClient EMS. See Adding an
SSL certificate to FortiClient EMS.
However, if you prefer to use a certificate not from a common CA, you must add the SSL certificate to FortiClient EMS
and push your certificate's root CA to the Google Chromebooks. Otherwise, the HTTPS connection between the
FortiClient Chromebook Web Filter extension and FortiClient EMS does not work. See Uploading root certificates to the
Google Admin console on page 39.
Communication with FortiAnalyzer for logging
This section applies only if you are sending logs from FortiClient to FortiAnalyzer. If you are not sending logs, skip this
section.
Sending logs to FortiAnalyzer requires you enable administrative domains (ADOM) in
FortiAnalyzer and add FortiClient EMS to FortiAnalyzer. You can add FortiClient EMS as a
device to the FortiClient or Fortinet Security Fabric ADOM in FortiAnalyzer. See the
FortiAnalyzer Administration Guide.
FortiClient supports logging to FortiAnalyzer. If you have a FortiAnalyzer and configure FortiClient to send logs to
FortiAnalyzer, you must enable a FortiAnalyzer CLI command and communication between the FortiClient Web Filter
extension and FortiAnalyzer requires an SSL certificate.
If you use a public SSL certificate, you only need to add the public SSL certificate to FortiAnalyzer. See Adding an SSL
certificate to FortiAnalyzer.
However, if you prefer to use a certificate not from a common CA, you must add the SSL certificate to FortiAnalyzer and
push your certificate's root CA to the Google Chromebooks. Otherwise, the HTTPS connection between the FortiClient
Chromebook Web Filter extension and FortiAnalyzer does not work. See Uploading root certificates to the Google Admin
console on page 39.
The FortiAnalyzer IP address should be specified in the SSL certificate. If you are using a
public SSL certificate, the FortiAnalyzer IP address can be assigned to Common Name or
Alternative Name. If you are using a self-signed (nonpublic) SSL certificate, your certificate's
Subject Alternative Name must include IP:<FortiAnalyzer IP>.
You must use the FortiAnalyzer CLI to add HTTPS-logging to the allow-access list in FortiAnalyzer. This command is
one step in the process that allows FortiAnalyzer to receive logs from FortiClient.
In FortiAnalyzer CLI, enter the following command:
config system interface
edit "port1"
set allowaccess https ssh https-logging
next
end
FortiClient EMS 7.2.4 QuickStart Guide 38
Fortinet Inc.
FortiClient EMS for Chromebooks setup
Adding an SSL certificate to FortiAnalyzer
To add an SSL certificate to FortiAnalyzer:
1. In FortiAnalyzer, go to System Settings > Certificates > Local Certificates.
2. Click Import. The Import Local Certificate dialog appears.
3. In the Type list, select Certificate or PKCS #12 Certificate.
4. Beside Certificate File, click Browse to select the certificate.
5. Enter the password and certificate name.
6. Click OK.
Selecting a certificate for HTTPS connections
To select a certificate for HTTPS connections:
1. In FortiAnalyzer, go to System Settings > Admin > Admin Settings.
2. From the HTTPS & Web Service Certificate dropdown list, select the certificate to use for HTTPS connections, and
click Apply.
Summary of where to add certificates
The following table summarizes where to add certificates to support communication with the FortiClient Web Filter
extension and FortiAnalyzer.
Scenario Certificate and CA Where to add certificates
Public SSL certificate Add SSL certificate to FortiClient EMS.
Allow the FortiClient
Chromebook Web Filter
l Add SSL certificate to FortiClient EMS.
SSL certificate not from a
extension to trust EMS l Add your certificate's root CA to the Google Admin
common CA
console.
Public SSL certificate Add SSL certificate to FortiAnalyzer.
Allow the FortiClient
Chromebook Web Filter l Add SSL certificate to FortiAnalyzer.
extension to trust SSL certificate not from a
l Add your certificate's root CA to the Google Admin
FortiAnalyzer for logging common CA
console.
Uploading root certificates to the Google Admin console
To upload root certificates to the Google Admin console:
1. In the Google Admin console, go to Device Management > Network > Certificates (root certificate) (crt certificate).
2. Add the root certificate.
3. Select the Use this certificate as an HTTPS certificate authority checkbox.
Do not forget to select the Use this certificate as an HTTPS certificate authority checkbox.
FortiClient EMS 7.2.4 QuickStart Guide 39
Fortinet Inc.
FortiClient EMS for Chromebooks setup
Disabling access to Chrome developer tools
Disabling access to Chrome developer tools is recommended. This blocks users from disabling the FortiClient Web Filter
extension.
To disable access to Chrome developer tools:
1. In the Google Admin console, go to Devices > Chrome > Settings > Users & browsers.
2. On the left, select the organization that contains the desired users or enrolled browsers. To select all users and
browsers, select the top-level organization. Otherwise, select a child.
3. In User & Browser Settings, for the Developer tools option, select Never allow use of built-in developer tools.
Disallowing incognito mode
When users browse in incognito mode, Chrome bypasses extensions. You should disallow incognito mode for managed
Google domains.
To disallow incognito mode:
1. In the Google Admin console, go to Devices > Chrome > Settings > Users & browsers.
2. On the left, select the organization that contains the desired users or enrolled browsers. To select all users and
browsers, select the top-level organization. Otherwise, select a child.
3. In User & Browser Settings, under Security, set Incognito mode to Disallow incognito mode.
4. Click Save.
Disabling guest mode
You should disallow guest mode for managed Google domains.
To disallow guest mode:
1. In the Google Admin console, go to Devices > Chrome > Settings > Device.
2. On the left, select the organization that contains the desired users or enrolled browsers. To select all users and
browsers, select the top-level organization. Otherwise, select a child.
FortiClient EMS 7.2.4 QuickStart Guide 40
Fortinet Inc.
FortiClient EMS for Chromebooks setup
3. Under Sign-in settings, for Guest mode, select Disable guest mode.
4. Click Save.
Blocking the Chrome task manager
You should block users from ending processes with the Chrome task manager for managed Google domains.
To block the Chrome task manager:
1. In the Google Admin console, go to Devices > Chrome > Settings > Users & browsers.
2. On the left, select the organization that contains the desired users or enrolled browsers. To select all users and
browsers, select the top-level organization. Otherwise, select a child.
3. In User & Browser Settings, under Task manager select Block users from ending processes with the Chrome task
manager from the dropdown list.
4. Click Save.
Service account credentials
FortiClient EMS requires service account credentials that the Google Developer console generates. You can use the
default service account credentials provided with FortiClient EMS or generate and use unique service account
credentials, which is more secure.
The service account credentials must be the same in FortiClient EMS and the Google Admin
console.
Configuring default service account credentials
FortiClient EMS includes the following default service account credentials that the Google Developer console generates:
Option Default setting Where used
Client ID 102515977741391213738 Google Admin console
Email address account- FortiClient EMS
[email protected]
Service account certificate A certificate in .pem format for the service account FortiClient EMS
credentials
FortiClient EMS 7.2.4 QuickStart Guide 41
Fortinet Inc.
FortiClient EMS for Chromebooks setup
The service account credentials are a set. If you change one credential, you must change the
other two credentials.
To configure the default service account credentials, you must add the client ID's default value to the Google Admin
console. Service account credentials do not require other configuration. See Delegating domain-wide authority to the
service account on page 48.
Configuring unique service account credentials
When using unique service account credentials for improved security, you must complete the following steps to add the
unique service account credentials to the Google Admin console and FortiClient EMS:
1. Create unique service account credentials using the Google Developer console. See Creating unique service
account credentials on page 42.
2. Add the unique service account credentials to the Google Admin console. See Delegating domain-wide authority to
the service account on page 48.
3. Add the unique service account credentials to FortiClient EMS. See Adding service account credentials to EMS on
page 50.
Creating unique service account credentials
Creating a unique set of service account credentials provides more security. Unique service account credentials include
the following:
l Client ID (a long number)
l Service account ID (email address)
l Service account certificate (a certificate in .pem format)
To create unique service account credentias:
1. Go to Google API Console.
2. Log in with your Google Workspace account credentials.
3. Create a new project:
a. Click the toolbar list. The browser displays the following dialog.
FortiClient EMS 7.2.4 QuickStart Guide 42
Fortinet Inc.
FortiClient EMS for Chromebooks setup
b. Select your organization, if you see an organization dropdown list. Click New Project.
c. In the Project name field, enter your project name, then click Create.
FortiClient EMS 7.2.4 QuickStart Guide 43
Fortinet Inc.
FortiClient EMS for Chromebooks setup
4. Enable the Admin SDK:
a. Select your project from the toolbar list, then click APIs & Services.
b. Under Google Workspace APIs, search for Admin SDK API and enable it.
FortiClient EMS 7.2.4 QuickStart Guide 44
Fortinet Inc.
FortiClient EMS for Chromebooks setup
After enabling the Admin SDK API, the console displays a message indicating: To use this API, you may need
credentials.
5. Create a service account:
a. Go to the Credentials tab and select Create Credentials > Service account.
b. From the Service account list, select New Service Account. Enter a service account name.
FortiClient EMS 7.2.4 QuickStart Guide 45
Fortinet Inc.
FortiClient EMS for Chromebooks setup
c. From the Role list, select Project > Viewer.
d. Edit the created service account and go to Keys. Click Add Key to create a P12 private key.
FortiClient EMS 7.2.4 QuickStart Guide 46
Fortinet Inc.
FortiClient EMS for Chromebooks setup
e. Save the private key and note the private key password, "notasecret".
The private key with the P12 extension is the only copy you receive. Keep it in a safe
place. You should also remember the password prompted on the screen. At this time,
that password should be notasecret.
6. Edit the service account you just created and expand Advanced settings. There is a Domain-wide Delegation
message and step-by-step guide.
FortiClient EMS 7.2.4 QuickStart Guide 47
Fortinet Inc.
FortiClient EMS for Chromebooks setup
To use the private key in EMS, it needs to be converted to .pem format. You can use the
following openssl command to convert it. Remember to use the notasecret password.
C:\OpenSSL-Win64\bin>openssl pkcs12 -in demo-976b9d6e9328.p12 -out
serviceAccount-demo.pem -nodes -nocerts
Enter Import Password:
Delegating domain-wide authority to the service account
This section describes how to delegate domain-wide authority to the service account in the Google Admin console.
These settings allow Google to trust FortiClient EMS, which enables FortiClient EMS to retrieve information from the
FortiClient EMS 7.2.4 QuickStart Guide 48
Fortinet Inc.
FortiClient EMS for Chromebooks setup
Google domain.
To delegate domain-wide authority to the service account:
1. In the Google Admin console, go to Menu > Security > Access and data control > API controls.
2. Click Manage Domain Wide Delegation, then click Add New.
3. Set the following options:
a. In the Client ID field, add the client ID from the service account credentials.
b. In the OAuth Scopes field, add the following string:
FortiClient EMS 7.2.4 QuickStart Guide 49
Fortinet Inc.
FortiClient EMS for Chromebooks setup
https://www.googleapis.com/auth/admin.directory.orgunit.readonly,https://www.googleapis.com/auth/admin.d
irectory.user.readonly
The API scopes are case-sensitive and must be lowercase. You may need to copy the
string into a text editor and remove spaces created by words wrapping to the second
line in the PDF.
c. Click Authorize.
Adding service account credentials to EMS
The section describes how to add the service account ID and service account certificate from the service account
credentials to FortiClient EMS.
To add service account credentials to EMS:
1. In FortiClient EMS, go to System Settings > EMS Settings.
2. Enable EMS for Chromebooks Settings.
The default service account credentials display. Overwrite the default settings with the
unique set of service account credentials received from Fortinet.
3. The Service account field shows the configured email address provided for the service account credentials. Click
the Update service account button and configure the following information:
Service Account Email Enter a new email address for the service account credentials.
Private key Click Browse and select the certificate provided with the service account
credentials.
FortiClient EMS 7.2.4 QuickStart Guide 50
Fortinet Inc.
FortiClient EMS for Chromebooks setup
4. Click Save.
The service account credentials are a set. If you change one credential, you must change the
other two credentials.
Adding SSL certificates
This section includes information about the required SSL certificates to support the following types of communication:
l Communication with the FortiClient Chromebook Web Filter extension on page 37
l Communication with FortiAnalyzer for logging on page 38
It includes the following procedures:
l Required: Adding an SSL certificate to FortiClient EMS for Chromebook endpoints on page 51
l Required only when sending logs to FortiAnalyzer: Adding SSL certificates to FortiAnalyzer on page 52
Adding an SSL certificate to FortiClient EMS for Chromebook endpoints
You must add an SSL certificate to FortiClient EMS to allow Chromebooks to connect to FortiClient EMS.
If you are using a public SSL certificate, add the certificate to FortiClient EMS. You do not need to add the certificate to
the Google Admin console.
If you are not using a public SSL certificate, you must add the SSL certificate to FortiClient EMS, and the root certificate
to the Google Admin console. See Adding root certificates on page 37.
To add an SSL certificate to EMS for Chromebook endpoints:
1. In FortiClient EMS, go to System Settings > EMS Settings > EMS for Chromebooks Settings.
2. Do one of the following:
a. To replace an existing SSL certificate, beside SSL certificate, click Update SSL certificate.
b. If no SSL certificate has been added yet, click the Upload new SSL certificate button.
3. Click Browse and locate the certificate file (<name>.pfx).
4. In the Password field, enter the password.
5. Click Test.
6. Click Save.
If the SSL certificate expires in less than three months, the expiry date label is yellow. If it is
expired, the label is red. Otherwise, it is green.
FortiClient EMS 7.2.4 QuickStart Guide 51
Fortinet Inc.
FortiClient EMS for Chromebooks setup
Adding SSL certificates to FortiAnalyzer
1. In FortiAnalyzer, go to System Settings > Certificates > Local Certificates.
2. Click Import. The Import Local Certificate dialog appears.
3. In the Type list, select Certificate or PKCS #12 Certificate.
4. Beside Certificate File, click Browse to select the certificate.
5. Enter the password and certificate name.
6. Click OK.
Adding a Google domain
To add a Google domain:
1. Go to Google Domains > Manage Domains, and click the Add button. The Google Domain pane displays.
2. In the Admin Email field, enter your Google domain admin email.
3. In the Organization Unit Path field, enter the domain organization unit path.
/ stands for the root of the domain.
4. Click Save. EMS imports the Google domain information and users.
Configuring Chromebook profiles
Chromebook profiles support web filtering by categories, blocklists and allowlists, and Safe Search. You can create
different profiles and assign them to different groups in the Google domain as part of an endpoint policy.
Adding a new Chromebook profile
When you enable Chromebook management on EMS, EMS creates default Web Filter and System Settings profiles for
Chromebooks. By default, EMS includes these profiles in the default Chromebook policy, which it applies to any Google
domains you add to FortiClient EMS.
You can add new Chromebook profiles to deploy different settings to Chomebook endpoints.
FortiClient EMS 7.2.4 QuickStart Guide 52
Fortinet Inc.
FortiClient EMS for Chromebooks setup
Adding Yandex search engine to the blocklist in the profile is recommended.
To add a new profile:
1. Go to Endpoint Profiles.
2. Go to Web Filter or System Settings.
3. Click Add, then click Add Chrome Profile.
4. Configure the profile as desired.
5. Click Save.
Enabling and disabling Safe Search
The search engine provides a Safe Search feature that blocks inappropriate or explicit images from search results. The
Safe Search feature helps avoid most adult content. FortiClient EMS supports Safe Search for most common search
engines, such as Google, Yahoo, and Bing.
The profile in FortiClient EMS controls the Safe Search feature.
Following are examples of search results with the Safe Search feature disabled and enabled. Notice the difference
between the number of results. Here are the search results when the Safe Search feature is disabled, which has about
285000000 results:
Here are the search results when the Safe Search feature is enabled, which has about 256000000 results.
FortiClient EMS 7.2.4 QuickStart Guide 53
Fortinet Inc.
FortiClient EMS for Chromebooks setup
To enable or disable Safe Search:
1. In FortiClient EMS, in the Endpoint Profiles > Manage Profiles area, click the Default - Chromebooks profile or
another profile.
2. On the Web Filter tab, enable or disable Enable Safe Search.
You can enable Safe Search on the Video Filter and Web Filter profiles. When Safe Search is enabled on both profiles,
the more restrictive settings are applied to YouTube
Adding a Chromebook policy
1. Go to Chromebook Policy > Manage Chromebook Policies.
2. Click Add.
3. Complete the following fields:
Chromebook policy name Enter the desired name for the Chromebook policy.
Google domains Select the Google domain to apply the policy to. Domains for which an
endpoint policy has already been created are grayed out and you cannot
select them.
Chromebook profile Include a Chromebook profile in the policy. From the dropdown list, select the
desired profile.
You must have already created a profile to include one in an endpoint policy.
See Adding a new Chromebook profile on page 52.
Comments Enter any comments desired for the endpoint policy.
Enable the policy Toggle to enable or disable the endpoint policy. You can enable or disable the
policy at a later time from Endpoint Policy & Components Manage Policies.
4. Click Save. You can view the newly created policy on the Chromebook Policy > Manage Chromebook Policies
page.
EMS pushes these settings to the endpoint with the next Telemetry communication.
FortiClient EMS 7.2.4 QuickStart Guide 54
Fortinet Inc.
FortiClient EMS for Chromebooks setup
Viewing domains
After you add domains to FortiClient EMS, you can view the list of domains in Google Domains. You can also view the list
of Google users in each domain and details about each Google user in the User Details, Client Statistics, and Blocked
Sites panes.
Viewing the Google Users pane
To view the Google Users pane:
You can view Google user information in FortiClient EMS.
1. Go to Google Domains > Domains and click a domain. The list of Google users displays.
The following options are available in the toolbar:
Clear Filters Clear the currently used filter(s).
Refresh Refresh the page.
The following columns of information display for Google users:
Name Chromebook user's name.
FortiClient EMS 7.2.4 QuickStart Guide 55
Fortinet Inc.
FortiClient EMS for Chromebooks setup
Email Chromebook user's email address.
Last Login Date and time the user last logged into the domain.
Last Policy Retrieval Date and time that the Google Chromebook last retrieved the endpoint profile.
Domain Name of the domain to which the user belongs.
Organization Path Organization path in the domain.
Viewing user details
You can view details about each user in a Google domain.
To view user details:
1. Go to Google Domains > Domains. The list of domains displays.
2. Click a domain. The list of Google users displays.
3. Click a Google user and scroll to the bottom of the content pane. The User Details, Client Statistics, and Blocked
Sites panes display.
User Details
Field Information
Name Username.
Email User's email address.
Last Login Date and time the user last logged into the domain.
Last Policy Retrieval Date and time that the Google Chromebook last retrieved the endpoint profile.
Organization Path Organization path of the user in the domain.
Effective Policy Name of the Chromebook policy assigned to the user in the domain.
Client Statistics
Charts Information
Blocked Sites Distribution (past Displays the distribution of blocked sites in the past number of days. You can
<number> days) configure the number of days for which to display information. Go to System
Settings > Logs.
Top 10 Site Categories by Displays the distribution of top ten site categories in the past number of days. You
Distribution (Past <number> can configure the number of days for which to display information. Go to System
Days) Settings > Logs.
FortiClient EMS 7.2.4 QuickStart Guide 56
Fortinet Inc.
FortiClient EMS for Chromebooks setup
Blocked Sites (Past <number> Days)
Fields Information
Time Time that the user visited the blocked site.
Threat Threat type that FortiClient detected.
Client Version Chromebook user's current version.
OS Type of OS that the Chromebook user used.
URL Blocked site's URL.
Port Port number currently listening.
User Initiated Whether the user initiated visitation to the blocked site.
FortiClient EMS 7.2.4 QuickStart Guide 57
Fortinet Inc.
Change log
Date Change description
2024-03-04 Initial release.
2024-03-18 Updated:
l Creating unique service account credentials on page 42
l Delegating domain-wide authority to the service account on page 48
l Adding service account credentials to EMS on page 50
2024-03-25 Updated Communication with FortiAnalyzer for logging on page 38.
FortiClient EMS 7.2.4 QuickStart Guide 58
Fortinet Inc.
www.fortinet.com
Copyright© 2024 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein
may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were
attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance
results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract,
signed by Fortinet’s Chief Legal Officer, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only
the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal
conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change,
modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.
You might also like
- Forescout Administrator Training and Certification: The Pathway To Success0% (1)Forescout Administrator Training and Certification: The Pathway To Success3 pages
- FortiClient EMS 7.4.0 Administration GuideNo ratings yetFortiClient EMS 7.4.0 Administration Guide519 pages
- FortiAnalyzer 7.0.1 Administration GuideNo ratings yetFortiAnalyzer 7.0.1 Administration Guide353 pages
- Fortinet Solutions RSSO - RADIUS Single Sign On100% (1)Fortinet Solutions RSSO - RADIUS Single Sign On27 pages
- Technical Note - Loading FortiGate Firmware Image Using TFTPNo ratings yetTechnical Note - Loading FortiGate Firmware Image Using TFTP4 pages
- Fortiswitch: High Performance Gigabit and 10 Gigabit Ethernet SwitchesNo ratings yetFortiswitch: High Performance Gigabit and 10 Gigabit Ethernet Switches3 pages
- Transparent Mode Fortigate Getting Started 52100% (1)Transparent Mode Fortigate Getting Started 5284 pages
- Configuring Firewall Settings For ConfigMgrNo ratings yetConfiguring Firewall Settings For ConfigMgr21 pages
- FortiAnalyzer-7 4 1-Administration - GuideNo ratings yetFortiAnalyzer-7 4 1-Administration - Guide425 pages
- An Agent Based Intrusion Detection, Response and Blocking Using Signature Method in Active Net Abstract100% (1)An Agent Based Intrusion Detection, Response and Blocking Using Signature Method in Active Net Abstract3 pages
- Exam NSE5 - FAZ-6.2: IT Certification Guaranteed, The Easy Way!No ratings yetExam NSE5 - FAZ-6.2: IT Certification Guaranteed, The Easy Way!10 pages
- EO80-21.0v1-Sophos-Firewall-Engineer-Course-OverviewNo ratings yetEO80-21.0v1-Sophos-Firewall-Engineer-Course-Overview5 pages
- FortiClient EMS 7.2 Administrator Sample Questions - Attempt Review1No ratings yetFortiClient EMS 7.2 Administrator Sample Questions - Attempt Review14 pages
- FortiSwitchOS-7.2.1-FortiLink Guide-FortiSwitch Devices Managed by FortiOS 7.2No ratings yetFortiSwitchOS-7.2.1-FortiLink Guide-FortiSwitch Devices Managed by FortiOS 7.2238 pages
- Quiz - Cloud Security and Virtualization - Attempt ReviewNo ratings yetQuiz - Cloud Security and Virtualization - Attempt Review4 pages
- FortiSandbox-4 4 1-Administration - GuideNo ratings yetFortiSandbox-4 4 1-Administration - Guide256 pages
- Fortinet - Actualtests.nse7 Atp 25.exam - Question.2020 Apr 05.by - Allen.23q.vceNo ratings yetFortinet - Actualtests.nse7 Atp 25.exam - Question.2020 Apr 05.by - Allen.23q.vce4 pages
- FortiNAC PoC Prerequisites, Testing Scenarios & Acceptance Criteria (TEMPLATE)No ratings yetFortiNAC PoC Prerequisites, Testing Scenarios & Acceptance Criteria (TEMPLATE)12 pages
- Cisco Prime Infrastructure 3.1 V1 30 Minutes Part 1 Scenario 1: DashboardNo ratings yetCisco Prime Infrastructure 3.1 V1 30 Minutes Part 1 Scenario 1: Dashboard14 pages
- Enterprise Firewall 6.4 Course Description-OnlineNo ratings yetEnterprise Firewall 6.4 Course Description-Online2 pages
- Integration CheckPoint EndPoint Security VPN and Microsoft Azure MFANo ratings yetIntegration CheckPoint EndPoint Security VPN and Microsoft Azure MFA27 pages
- Configuration of Microsoft ISA Proxy Server and Linux Squid Proxy ServerFrom EverandConfiguration of Microsoft ISA Proxy Server and Linux Squid Proxy ServerNo ratings yet
- ESHP_-_Humic_Plus_c1f0dfd6-a4fc-411e-9039-9973a5468766No ratings yetESHP_-_Humic_Plus_c1f0dfd6-a4fc-411e-9039-9973a54687663 pages
- FortiAnalyzer_7.4_Analyst_Course_DescriptionNo ratings yetFortiAnalyzer_7.4_Analyst_Course_Description2 pages
- Fortinet Transceivers: Take The Guesswork Out of Selecting TransceiversNo ratings yetFortinet Transceivers: Take The Guesswork Out of Selecting Transceivers4 pages
- ISSMP Exam Outline November 2023 EnglishNo ratings yetISSMP Exam Outline November 2023 English11 pages
- The Ultimate Guide To It Security Vendors: Esecurity PlanetNo ratings yetThe Ultimate Guide To It Security Vendors: Esecurity Planet13 pages
- Palo-Alto-Networks Testking PCNSE v2018-11-18 by Jeremy 79q PDFNo ratings yetPalo-Alto-Networks Testking PCNSE v2018-11-18 by Jeremy 79q PDF45 pages
- Palo-Alto-Networks PracticeTest PCNSA 26qNo ratings yetPalo-Alto-Networks PracticeTest PCNSA 26q16 pages
- Secure Access - Solution - Talking - Points - March - 2017No ratings yetSecure Access - Solution - Talking - Points - March - 20172 pages
- Importify-The Ultimate Guide To Start Building Your Dropshipping Business PDF100% (1)Importify-The Ultimate Guide To Start Building Your Dropshipping Business PDF36 pages
- BlueCoat Mach5 WAN Optimization Sizing GuideNo ratings yetBlueCoat Mach5 WAN Optimization Sizing Guide3 pages
- How To SIP Trunking Using The SIP Trunk Page PDFNo ratings yetHow To SIP Trunking Using The SIP Trunk Page PDF19 pages
- Ingate Siparator Getting Starting Guide PDFNo ratings yetIngate Siparator Getting Starting Guide PDF88 pages
- Zebra Is A Free, Fast, Friendly Information Management System.No ratings yetZebra Is A Free, Fast, Friendly Information Management System.161 pages
- TDs Flexible Volume Profile Instructions 1.1 PDFNo ratings yetTDs Flexible Volume Profile Instructions 1.1 PDF7 pages
- COSEC CENTRA Prerequisites for Software InstallationNo ratings yetCOSEC CENTRA Prerequisites for Software Installation10 pages
- Windows DiLshad Edition - 2012 - Windows 7 Ultimate SP1 - x86 - DiLshadNo ratings yetWindows DiLshad Edition - 2012 - Windows 7 Ultimate SP1 - x86 - DiLshad4 pages
- Getting JJay Email To MS Outlook at HomeNo ratings yetGetting JJay Email To MS Outlook at Home12 pages
- Windows 11 Users Guide A Quick Reference Guide To The New Windows 11 Operating System by Christopher BrewerNo ratings yetWindows 11 Users Guide A Quick Reference Guide To The New Windows 11 Operating System by Christopher Brewer43 pages
- Fix For Windows Update KB5034441 That Keeps FailingNo ratings yetFix For Windows Update KB5034441 That Keeps Failing2 pages
- Paul Hill - : Creating An Organizational UnitNo ratings yetPaul Hill - : Creating An Organizational Unit8 pages
- Automation Anywhere Provides Inbuilt Exception Handling CapabilityNo ratings yetAutomation Anywhere Provides Inbuilt Exception Handling Capability2 pages
- Remotewatch V3.1 Release Notes: I/A Series SystemNo ratings yetRemotewatch V3.1 Release Notes: I/A Series System36 pages
- Intel Wi Fi 6e Ax210 Gig+ Iot Kit Integration GuideNo ratings yetIntel Wi Fi 6e Ax210 Gig+ Iot Kit Integration Guide2 pages
- Anexo C Manual Del Audit Viewer 2005 PDFNo ratings yetAnexo C Manual Del Audit Viewer 2005 PDF17 pages
