Administration Guide

Introduction
- FortiClient, FortiClient EMS, and FortiGate
- Fortinet product support for FortiClient
- Feature comparison of FortiClient free and paid versions
Getting started
- Getting started with FortiClient
- EMS and endpoint profiles
- Telemetry connection options
- Telemetry gateway IP lists
- EMS and automatic upgrade of FortiClient
Provisioning preparation
- Installation requirements
- Licensing
- Required services and ports
- FortiClient setup types and modules
- Firmware images and tools
- Obtaining FortiClient installation files
Provisioning
- Installing FortiClient on computers
- Installing FortiClient on infected systems
- Installing FortiClient as part of cloned disk images
- Installing FortiClient using the CLI
- Deploying FortiClient using Microsoft AD servers
  - Using Microsoft AD to deploy FortiClient
  - Using Microsoft AD to uninstall FortiClient
- Uninstalling FortiClient
- Upgrading FortiClient
User details
- Viewing user details
- Retrieving user details from cloud applications
- Adding your phone number and email address manually
- Specifying the user avatar manually
Fabric Telemetry
- FortiClient Telemetry
- Compliance with EMS and FortiOS
- On-net/off-net status with EMS
  - EMS only
  - Logging to FortiAnalyzer
- Quarantined endpoints
Malware Protection
- Antivirus
- Cloud Based Malware Protection
- AntiExploit
- Removable media access
- Quarantined files
  - Viewing quarantined files
  - Submitting quarantined files for scanning
Sandbox Detection
- Scanning with FortiSandbox on-demand
- Viewing FortiSandbox scan results
- Using the popup window
Web Filter
- Web browser plugin for HTTPS web filtering
- Viewing violations
- Troubleshooting Web Filter
Application Firewall
Vulnerability Scan
- Scanning on-demand
- Automatically fixing detected vulnerabilities
- Reviewing detected vulnerabilities before fixing
- Manually fixing detected vulnerabilities
- Viewing details about vulnerabilities
- Viewing vulnerability scan history
Remote Access
- Configuring VPN connections
  - Configuring an SSL VPN connection
  - Configuring an IPsec VPN connection
- Connecting VPNs
- Advanced features (Windows)
- Advanced features (macOS)
  - Creating redundant IPsec VPNs
  - Creating priority-based SSL VPN connections
- VPN tunnel and script
  - Windows
  - macOS
- Standalone VPN client
Notifications
Settings
- System
- Logging
  - Sending logs and software inventory reports to FortiAnalyzer or FortiManager
  - Exporting the log file
- VPN options
- Advanced options
- FortiTray
Diagnostic Tool
Appendix A - FortiClient API
- Overview
- API reference
Appendix B - FortiClient log messages
Appendix C - Vulnerability patches
Appendix D - FortiClient processes
- FortiClient (Windows) processes
- FortiClient (macOS) processes
Appendix E - FortiClient (Linux) CLI commands

Home FortiClient 6.2.5 Administration Guide

6.2.5

FortiClient setup types and modules

When the administrator creates a FortiClient deployment package in EMS, they choose which setup type and modules to install:

Security Fabric Agent
Secure Access Architecture Components
Advanced Persistent Threat (APT) Components
Additional Security Features

The following table summarizes the impact of the options:

Setup type	Description	Impact on FortiClient
Security Fabric Agent	Enabled by default and installs components to support the Security Fabric available with FortiGate, including FortiClient Telemetry, vulnerability scanning, and vulnerability remediation.	Displays the following tabs: Fabric Telemetry Vulnerability Scan
Secure Access Architecture Components	Optional. Supports SSL and IPsec VPN access.	Displays the Remote Access tab.
Advanced Persistent Threat (APT) Components	Optional. Supports FortiSandbox and quarantine features.	Enables the Sandbox Detection tab to connect to FortiSandbox.
Additional Security Features	Optional. Supports AntiVirus, Web Filtering, Application Firewall, SSO mobility agent, and cloud-based malware outbreak detection. The administrator may select one, more, or all security features.	Displays the following tabs when all security features are selected: Malware Protection Web Filter Application Firewall When Single Sign On is selected, FortiClient supports the SSO feature. When a security feature is not selected, the tab is hidden from view in FortiClient.

The administrator can use an EMS profile to disable installed components in FortiClient but cannot use an EMS profile to enable uninstalled components in FortiClient. See EMS and endpoint profiles.

For example, if the administrator creates the EMS installer with APT components selected, the Sandbox Detection tab is enabled in FortiClient. The administrator can use an EMS profile to disable Sandbox Detection. However, if the installer did not include APT components, the Sandbox Detection tab is disabled in FortiClient and the administrator cannot use an EMS profile to enable Sandbox Detection.