Fortinet black logo

EMS QuickStart Guide

Endpoint Management Setup

Windows, Mac, and Linux Endpoint Management Setup

This section describes how to set up FortiClient EMS for Windows, Mac, and Linux endpoint management. It provides an overview of using FortiClient EMS and FortiClient EMS integrated with FortiGate.

When FortiClient EMS is integrated with FortiGate, you can use gateway lists to help FortiClient endpoints connect to FortiClient EMS and FortiGate. You can also import FortiClient profiles from FortiGate to FortiClient EMS.

FortiClient EMS

Following is a summary of how to use FortiClient EMS without FortiGate:

  1. Configure user accounts. See Configuring user accounts.
  2. Add domains and/or discover local endpoints. See Adding endpoints
  3. Add a FortiClient installer to EMS. See Adding FortiClient installers.
  4. Create an endpoint profile and select a FortiClient installer. See Creating profiles to deploy FortiClient.
  5. You can use FortiClient EMS with an Active Directory server to install and upgrade FortiClient (Windows) on endpoints before and after endpoints connect Telemetry to EMS. You can use FortiClient EMS with workgroups only to upgrade FortiClient (Windows) on endpoints after they connect Telemetry to EMS and FortiClient connects to FortiClient EMS. When using workgroups, you must separately install FortiClient (Windows) on endpoints. See the FortiClient EMS Administration Guide.

    You can use FortiClient EMS to replace, upgrade, and uninstall FortiClient (macOS) after they connect Telemetry to EMS and FortiClient connects to FortiClient EMS. You cannot use FortiClient EMS to initially deploy FortiClient (macOS) and must separately install it on endpoints. See the FortiClient EMS Administration Guide.

  6. Prepare Windows endpoints for FortiClient deployment. See Preparing Windows endpoints for FortiClient deployment.

    You must also prepare the Windows AD server for deployment. See the FortiClient EMS Administration Guide.

  7. Assign a profile to a workgroup, domain, endpoint group, or organizational group. See Assigning profiles to Windows, Mac, and Linux endpoints.

    Depending on the selected profile's configuration, FortiClient is installed on the endpoints to which the profile is applied.

    After FortiClient installation, the endpoint user must connect FortiClient Telemetry to FortiGate or FortiClient EMS to receive the profile configuration and complete endpoint management setup. See Connecting manually from FortiClient.

  8. View the endpoint status. See Viewing endpoints.

FortiClient EMS integrated with FortiGate

Following is a summary of how to use FortiClient EMS when integrated with FortiGate:

  1. Configure user accounts. See Configuring user accounts.
  2. Add domains and/or discover local endpoints. See Adding endpoints
  3. Create gateway lists. See Creating gateway lists.
  4. Assign the lists to domains or workgroups. See Assigning gateway lists to endpoints.

    Alternately, you can add a FortiClient Telemetry gateway list to a custom FortiClient installer using the FortiClient Configurator tool.

  5. Add a FortiClient installer to EMS. See Adding FortiClient installers.
  6. Create an endpoint profile and select a FortiClient installer. See Creating profiles to deploy FortiClient.
  7. You can use FortiClient EMS with an Active Directory server to install and upgrade FortiClient (Windows) on endpoints before and after endpoints connect Telemetry to EMS. You can use FortiClient EMS with workgroups only to upgrade FortiClient (Windows) on endpoints after they connect Telemetry to EMS and FortiClient connects to FortiClient EMS. When using workgroups, you must separately install FortiClient (Windows) on endpoints. See the FortiClient EMS Administration Guide.

    You can use FortiClient EMS to replace, upgrade, and uninstall FortiClient (macOS) after they connect Telemetry to EMS and FortiClient connects to FortiClient EMS. You cannot use FortiClient EMS to initially deploy FortiClient (macOS) and must separately install it on endpoints. See the FortiClient EMS Administration Guide.

  8. Prepare Windows endpoints for FortiClient deployment. See Preparing Windows endpoints for FortiClient deployment.

    You must also prepare the Windows AD server for deployment. See the FortiClient EMS Administration Guide.

  9. Assign a profile to a workgroup, domain, endpoint group, or organizational group. See Assigning profiles to Windows, Mac, and Linux endpoints.

    Depending on the selected profile's configuration, FortiClient is installed on the endpoints to which the profile is applied.

    After FortiClient installation, the endpoint user must connect FortiClient Telemetry to FortiGate or FortiClient EMS to receive the profile configuration and complete endpoint management setup. See Connecting manually from FortiClient.

  10. View the endpoint status. See Viewing endpoints.

Windows, Mac, and Linux Endpoint Management Setup

This section describes how to set up FortiClient EMS for Windows, Mac, and Linux endpoint management. It provides an overview of using FortiClient EMS and FortiClient EMS integrated with FortiGate.

When FortiClient EMS is integrated with FortiGate, you can use gateway lists to help FortiClient endpoints connect to FortiClient EMS and FortiGate. You can also import FortiClient profiles from FortiGate to FortiClient EMS.

FortiClient EMS

Following is a summary of how to use FortiClient EMS without FortiGate:

  1. Configure user accounts. See Configuring user accounts.
  2. Add domains and/or discover local endpoints. See Adding endpoints
  3. Add a FortiClient installer to EMS. See Adding FortiClient installers.
  4. Create an endpoint profile and select a FortiClient installer. See Creating profiles to deploy FortiClient.
  5. You can use FortiClient EMS with an Active Directory server to install and upgrade FortiClient (Windows) on endpoints before and after endpoints connect Telemetry to EMS. You can use FortiClient EMS with workgroups only to upgrade FortiClient (Windows) on endpoints after they connect Telemetry to EMS and FortiClient connects to FortiClient EMS. When using workgroups, you must separately install FortiClient (Windows) on endpoints. See the FortiClient EMS Administration Guide.

    You can use FortiClient EMS to replace, upgrade, and uninstall FortiClient (macOS) after they connect Telemetry to EMS and FortiClient connects to FortiClient EMS. You cannot use FortiClient EMS to initially deploy FortiClient (macOS) and must separately install it on endpoints. See the FortiClient EMS Administration Guide.

  6. Prepare Windows endpoints for FortiClient deployment. See Preparing Windows endpoints for FortiClient deployment.

    You must also prepare the Windows AD server for deployment. See the FortiClient EMS Administration Guide.

  7. Assign a profile to a workgroup, domain, endpoint group, or organizational group. See Assigning profiles to Windows, Mac, and Linux endpoints.

    Depending on the selected profile's configuration, FortiClient is installed on the endpoints to which the profile is applied.

    After FortiClient installation, the endpoint user must connect FortiClient Telemetry to FortiGate or FortiClient EMS to receive the profile configuration and complete endpoint management setup. See Connecting manually from FortiClient.

  8. View the endpoint status. See Viewing endpoints.

FortiClient EMS integrated with FortiGate

Following is a summary of how to use FortiClient EMS when integrated with FortiGate:

  1. Configure user accounts. See Configuring user accounts.
  2. Add domains and/or discover local endpoints. See Adding endpoints
  3. Create gateway lists. See Creating gateway lists.
  4. Assign the lists to domains or workgroups. See Assigning gateway lists to endpoints.

    Alternately, you can add a FortiClient Telemetry gateway list to a custom FortiClient installer using the FortiClient Configurator tool.

  5. Add a FortiClient installer to EMS. See Adding FortiClient installers.
  6. Create an endpoint profile and select a FortiClient installer. See Creating profiles to deploy FortiClient.
  7. You can use FortiClient EMS with an Active Directory server to install and upgrade FortiClient (Windows) on endpoints before and after endpoints connect Telemetry to EMS. You can use FortiClient EMS with workgroups only to upgrade FortiClient (Windows) on endpoints after they connect Telemetry to EMS and FortiClient connects to FortiClient EMS. When using workgroups, you must separately install FortiClient (Windows) on endpoints. See the FortiClient EMS Administration Guide.

    You can use FortiClient EMS to replace, upgrade, and uninstall FortiClient (macOS) after they connect Telemetry to EMS and FortiClient connects to FortiClient EMS. You cannot use FortiClient EMS to initially deploy FortiClient (macOS) and must separately install it on endpoints. See the FortiClient EMS Administration Guide.

  8. Prepare Windows endpoints for FortiClient deployment. See Preparing Windows endpoints for FortiClient deployment.

    You must also prepare the Windows AD server for deployment. See the FortiClient EMS Administration Guide.

  9. Assign a profile to a workgroup, domain, endpoint group, or organizational group. See Assigning profiles to Windows, Mac, and Linux endpoints.

    Depending on the selected profile's configuration, FortiClient is installed on the endpoints to which the profile is applied.

    After FortiClient installation, the endpoint user must connect FortiClient Telemetry to FortiGate or FortiClient EMS to receive the profile configuration and complete endpoint management setup. See Connecting manually from FortiClient.

  10. View the endpoint status. See Viewing endpoints.