Provisioning Templates – FortiManager 5.2

FortiClient templates

The FortiClient templates menu allows you to create and manage FortiClient profiles which can then be assigned to devices.

Endpoint control ensures that workstation computers (endpoints) and other network devices meet security requirements, otherwise they are not permitted access. Endpoint Control enforces the use of FortiClient Endpoint Security and pushes a FortiClient Profile to the FortiClient application.

The following information is displayed:

Name The name of the FortiClient profile. Right-click the column heading to change the FortiClient profile order.
User The device groups, user groups, and users associated with the FortiClient profile.
Comments Optional FortiClient profile comments.
Last Modified The date and time that the entry was last modified including the administrative user name of the user who made the change.

The following options are available:

Create New Select to create a new FortiClient profile.
Delete Select an entry from the list and select Delete from the toolbar. Optionally, select an entry from the list, right-click and select Delete from the context menu to delete the entry.
Import Select to import a FortiClient profile from an existing device in the ADOM.
Edit Select an entry from the list, right-click and select Edit from the context menu to edit the entry. Alternatively, double click the entry to open the Edit FortiClient Profile page.
Clone Select an entry from the list, right-click and select Clone from the context menu to clone the entry.
Search Search the FortiClient profiles by entering a search term in the search field.
Column Settings Right-click the column header to view and edit column settings. Column settings include the option to restore columns to their default state. Left-click column heading to drag-and-drop the column to change the column order.

FortiClient Profiles

The FortiClient profile consists of the following sections:

  • Antivirus Protection
  • Web Category Filtering
  • Client Web Filtering when On-Net
  • VPN
  • Client VPN Provisioning
  • Auto-connect When Off-Net
  • Application Firewall
  • Use FortiManager for client software/signature update
  • Failover to FDN when FortiManager is not available
  • Dashboard Banner
  • Client-based Logging When On-Net
  • iOS settings
  • Android settings

Non-compliant endpoints are those without the latest version of FortiClient installed. They can be sent to the FortiClient download portal to obtain FortiClient software, or they can be blocked. For more information on configuring FortiClient Profiles and Endpoint Control, see the FortiClient Administration Guide.

When a FortiClient Profile is selected in a firewall policy, all users of that firewall policy must have FortiClient Endpoint Security installed. The FortiClient profile settings are pushed to the FortiClient application on the client.

FortiClient profiles can be created, edited, cloned, deleted, and imported from devices using right-click menu and toolbar selections.

To create a new FortiClient profile:

  1. Go to the FortiClient Templates > Endpoint Profile page and select Create New. The Create New FortiClient Profile page opens.

New FortiClient profile

  2. Enter the following information:
Name Type a name for the new FortiClient profile.

When creating a new FortiClient profile, XSS vulnerability characters are not allowed.

Comments Type a profile description. (optional)
Assign Profile To:
  • Device Groups: Select device groups in the drop-down menu. Select the add icon to assign multiple device groups to the FortiClient profile, for example Mac and Windows PC.
  • User Groups: Select user groups in the drop-down menu. Select the add icon to assign multiple user groups to the FortiClient profile.
  • Users: Select users in the drop-down menu. Select the add icon to assign multiple users to the FortiClient profile.

You can assign the profile to user groups and users when using Active Directory authentication or RADIUS authentication for VPN.
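The guide states that a profile name may not contain "XSS vulnerability characters" but does not list them. The following pre-check, added here as an example and not part of the guide or of any Fortinet tooling, rejects names before they are submitted (for instance from a script that bulk-creates profiles). The character set it blocks (< > " ' &) and the control-character rule are assumptions chosen because those characters are what lets a stored name break out of an HTML context when it is rendered in a web UI; the validator is intentionally stricter than a vague rule rather than looser.

```python
"""Pre-check a FortiClient profile name before submitting it to FortiManager.

The guide only says "XSS vulnerability characters" are rejected; the exact set
is not published, so the set used here is an assumption made for this example.
"""
import re

# Characters that can terminate an HTML attribute or element when a stored name
# is later rendered in a web page. Assumed set, not taken from Fortinet docs.
XSS_SENSITIVE = re.compile(r"[<>\"'&]")


def validate_profile_name(name: str) -> tuple:
    """Return (ok, reason); ok is True only when the name is safe to submit."""
    if not name or not name.strip():
        return False, "name is empty"
    bad = sorted(set(XSS_SENSITIVE.findall(name)))
    if bad:
        return False, "disallowed characters: " + " ".join(bad)
    # Control characters are rejected as well: they are invisible in the UI
    # and can confuse log review, so a conservative check refuses them.
    if any(ord(c) < 0x20 or c == "\x7f" for c in name):
        return False, "control characters are not allowed"
    return True, "ok"


def partition_names(names) -> tuple:
    """Split a batch into (accepted, rejected) lists; rejected carries reasons."""
    accepted, rejected = [], []
    for n in names:
        ok, reason = validate_profile_name(n)
        (accepted if ok else rejected).append(n if ok else (n, reason))
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample batch for a local run.
    good, bad = partition_names(["Windows-Laptops", "Mac <script>", "", "a\x00b"])
    print("accepted:", good)
    print("rejected:", bad)
```

Run it against the names you intend to create; anything in the rejected list would fail in the GUI as well, but catching it locally keeps a scripted rollout from stopping halfway.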

  3. Continue down the page to the operating system specific s

FortiClient configuration deployment for Windows and Mac

  4. Enter the following information for the Windows and Mac section:

FortiClient Configuration Deployment: Windows and Mac

Antivirus Protection Toggle the button to enable or disable this feature.
Web Category Filtering Toggle the button to enable or disable this feature. When enabled, you can select a web filter profile in the drop-down list.
Client Web Filtering when On-Net Select the checkbox to enable client web filtering when on-net. FortiClient determines the client to be on-net when the registered FortiGate serial number matches one of the serial numbers it gets from the FortiGate DHCP server. Otherwise it is off-net.
VPN Toggle the button to enable or disable this feature.
Client VPN Provisioning When enabled, you can configure multiple IPsec VPN and SSL VPN connections. Select the add icon to add multiple VPN connections. Select the delete icon to remove VPN connections. Type the VPN name, type, remote gateway, and authentication method information.
Auto-connect When Off-Net You can select to auto-connect to a specific VPN when the client is off-net. Select the name of the VPN connection in the drop-down list.
Application Firewall Toggle the button to enable or disable this feature. When enabled, you can select an application control sensor in the drop-down list.
Use FortiManager for client software/signature update Toggle the button to enable or disable this feature. When enabled, you can specify the IP address of the FortiManager.
Failover to FDN when FortiManager not available Select the checkbox to failover to the FortiGuard Distribution Network when the FortiManager is not available.
Dashboard Banner Toggle the button to enable or disable this feature. When enabled, FortiClient advertisements will be displayed.
Client-based Logging When On-Net Toggle the button to enable or disable this feature. FortiClient determines the client to be on-net when the registered FortiGate serial number matches one of the serial numbers it gets from the FortiGate DHCP server. Otherwise it is off-net.

  5. If required, enter the FortiClient Configuration Deployment settings for iOS.

FortiClient configuration deployment for iOS

  6. Configure the following settings:
Web Category Filtering Click the ON/OFF button to enable or disable this feature. When enabled, you can select a web filter profile in the drop-down menu. Select the checkbox to enable client web filtering when on-net.

FortiClient determines the client to be on-net when the registered FortiGate serial number matches one of the serial numbers it gets from the FortiGate DHCP server. Otherwise it is off-net.

Client VPN Provisioning Enable to configure the FortiClient VPN client.

Select the add icon to add multiple VPN connections. Select the delete icon to remove VPN connections.

Optionally, you can upload the FortiClient iOS VPN configuration file.

Name Type a name to identify this VPN configuration in the FortiClient application.
Type Select IPsec VPN or SSL VPN.

  • If you select IPsec VPN, select a VPN Configuration File that contains the required IPsec VPN configuration. The Apple iPhone Configuration Utility/Apple Configurator produces .mobileconfig files which contain configuration information for an iOS device.
  • If you select SSL VPN, type the VPN configuration details.

Distribute Configuration Profile Distribute configuration information to iOS devices running FortiClient Endpoint Security. Select Browse and locate the file to be distributed. The Apple iPhone Configuration Utility/Apple Configurator produces .mobileconfig files which contain configuration information for an iOS device.
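Because the iOS VPN Configuration File and the Distribute Configuration Profile field both take a .mobileconfig produced outside FortiManager, it is worth inspecting that file before it is pushed to every registered device. The script below is an added example, not code from the guide or from Fortinet: it builds a constructed sample profile with one IPsec VPN payload, lists the VPN payloads found, and reports the things an administrator should look at first (wrong top-level type, no VPN payload, a pre-shared key stored in cleartext inside the file, a missing gateway). It relies on the standard Apple profile keys (`PayloadContent`, `PayloadType` `com.apple.vpn.managed`, `VPNType`, the `IPSec` dictionary with `RemoteAddress`, `AuthenticationMethod` and `SharedSecret`); the gateway name, identifiers and secret in the sample are made up. A signed profile is a CMS/DER wrapper rather than bare XML, and the checker reports that case instead of trying to parse it.

```python
"""Inspect an unsigned iOS .mobileconfig before distributing it in a FortiClient profile.

Added example; uses only the standard Apple configuration-profile keys. All sample
values (gateway, identifiers, shared secret) are constructed for this demonstration.
"""
import plistlib
import uuid

VPN_PAYLOAD_TYPE = "com.apple.vpn.managed"


def build_sample_profile() -> bytes:
    """Construct a minimal profile carrying one IPsec VPN payload (sample data)."""
    vpn_payload = {
        "PayloadType": VPN_PAYLOAD_TYPE,
        "PayloadIdentifier": "com.example.vpn.ipsec",  # constructed
        "PayloadUUID": str(uuid.uuid4()),
        "PayloadVersion": 1,
        "UserDefinedName": "Corp IPsec",
        "VPNType": "IPSec",
        "IPSec": {
            "RemoteAddress": "vpn.example.com",  # constructed gateway
            "AuthenticationMethod": "SharedSecret",
            "SharedSecret": b"example-psk",  # constructed; stored as <data>
            "LocalIdentifier": "corp-client",
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.profile.vpn",  # constructed
        "PayloadUUID": str(uuid.uuid4()),
        "PayloadVersion": 1,
        "PayloadDisplayName": "Corp VPN",
        "PayloadContent": [vpn_payload],
    }
    return plistlib.dumps(profile)  # XML plist bytes


def vpn_payloads(profile_bytes: bytes) -> list:
    """Return one summary dict per VPN payload in the profile."""
    data = plistlib.loads(profile_bytes)
    summaries = []
    for payload in data.get("PayloadContent", []):
        if payload.get("PayloadType") != VPN_PAYLOAD_TYPE:
            continue
        ipsec = payload.get("IPSec", {})
        summaries.append({
            "name": payload.get("UserDefinedName"),
            "vpn_type": payload.get("VPNType"),
            "remote": ipsec.get("RemoteAddress"),
            "auth": ipsec.get("AuthenticationMethod"),
            "embeds_secret": "SharedSecret" in ipsec,
        })
    return summaries


def review_profile(profile_bytes: bytes) -> list:
    """Return plain-language findings to check before the file is distributed."""
    # A signed profile is a DER-encoded CMS structure (first byte 0x30), not XML.
    if profile_bytes[:1] == b"\x30":
        return ["profile appears to be CMS-signed (DER); verify the signature, "
                "then review the embedded plist"]
    try:
        data = plistlib.loads(profile_bytes)
    except Exception as exc:  # plistlib raises parser-specific errors
        return [f"not a valid plist: {exc}"]
    findings = []
    if data.get("PayloadType") != "Configuration":
        findings.append("top-level PayloadType is not 'Configuration'")
    payloads = vpn_payloads(profile_bytes)
    if not payloads:
        findings.append(f"no {VPN_PAYLOAD_TYPE} payload found")
    for vpn in payloads:
        if vpn["auth"] == "SharedSecret" and vpn["embeds_secret"]:
            findings.append(f"{vpn['name']}: pre-shared key is stored in cleartext "
                            "in the profile; treat the file itself as a secret")
        if not vpn["remote"]:
            findings.append(f"{vpn['name']}: RemoteAddress is missing")
    return findings


if __name__ == "__main__":
    sample = build_sample_profile()
    for entry in vpn_payloads(sample):
        print(entry)
    for finding in review_profile(sample):
        print("finding:", finding)
```

To use it on a real file, read the .mobileconfig as bytes and pass it to `review_profile`; an empty list means none of the checks fired, not that the profile is correct in every respect.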

  7. If required, enter the FortiClient Configuration Deployment settings for Android.

FortiClient configuration deployment for Android

  8. Configure the following settings:
Web Category Filtering Click the ON/OFF button to enable or disable this feature. When enabled, you can select a web filter profile in the drop-down menu.

Select the checkbox to enable client web filtering when on-net. FortiClient (Android) only supports FortiGuard Categories settings in the Web Filter Profile. Only Allow and Block actions are supported. All other settings will be ignored by FortiClient (Android).

Client VPN Provisioning Enable to configure the FortiClient VPN client. Select the add icon to add multiple VPN connections. Select the delete icon to remove VPN connections.
Name Type a name to identify this VPN configuration in the FortiClient application.
Type Select IPsec VPN or SSL VPN.
Remote Gateway Type the remote gateway.
Authentication Method Select the authentication method to use, either Preshared Key or Certificate. If Preshared Key is selected, type your pre-shared key.

This option is only available if the type is IPsec VPN.

Require Certificate Select to require a certificate.

This option is only available if the type is SSL-VPN.

Access Port Type the access port number.

This option is only available if the type is SSL-VPN.

  9. Select OK.


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
