Roaming FortiGate example
In the example, Research Lab and Fortinet appear in FortiClient. FortiClient attempts to connect silently to one of the IP addresses in Research Lab first. If both fail (because the laptop is not in the lab), the client attempts to connect to Fortinet.
Because Fortinet uses an FQDN, the actual FortiGate that FortiClient attempts to connect to may vary depending on DNS settings.
<forticlient_configuration>
  <endpoint_control>
    <disable_unregister>1</disable_unregister>
    <silent_registration>1</silent_registration>
    <fortigates>
      <fortigate>
        <name>Research Lab</name>
        <addresses>10.10.10.1:9090;10.10.10.2:9090</addresses>
        <registration_password>33333333</registration_password>
      </fortigate>
      <fortigate>
        <name>Fortinet</name>
        <addresses>fgt.fortinet.com:8002</addresses>
        <registration_password>22222222</registration_password>
      </fortigate>
    </fortigates>
  </endpoint_control>
</forticlient_configuration>
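An added example, not part of the FortiClient documentation: a Python sketch that lists the registration targets from a configuration like the one above, in the order the `<fortigate>` entries appear, and marks FQDN entries, whose actual FortiGate depends on DNS. The function name `registration_targets` and the `host:port` parsing are assumptions; the order of attempts within a single `<addresses>` value is not specified on this page.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the <fortigates> list from the example above,
# with the other endpoint_control elements omitted.
SAMPLE = """<forticlient_configuration>
  <endpoint_control>
    <fortigates>
      <fortigate>
        <name>Research Lab</name>
        <addresses>10.10.10.1:9090;10.10.10.2:9090</addresses>
      </fortigate>
      <fortigate>
        <name>Fortinet</name>
        <addresses>fgt.fortinet.com:8002</addresses>
      </fortigate>
    </fortigates>
  </endpoint_control>
</forticlient_configuration>"""


def registration_targets(xml_text):
    """Return one dict per address, following the order of the <fortigate> entries."""
    root = ET.fromstring(xml_text)
    targets = []
    for fgt in root.findall("./endpoint_control/fortigates/fortigate"):
        name = (fgt.findtext("name") or "").strip()
        for entry in (fgt.findtext("addresses") or "").split(";"):
            entry = entry.strip()
            if not entry:
                continue
            host, sep, port = entry.rpartition(":")
            if not sep:  # entry has no ":port" suffix
                host, port = entry, ""
            try:
                ipaddress.ip_address(host)
                dns_dependent = False  # literal IP: fixed target
            except ValueError:
                dns_dependent = True   # FQDN: target depends on DNS resolution
            targets.append({"fortigate": name, "host": host,
                            "port": int(port) if port.isdigit() else None,
                            "dns_dependent": dns_dependent})
    return targets


if __name__ == "__main__":
    for target in registration_targets(SAMPLE):
        print(target)
```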
The FortiGate sets the following elements. When FortiClient receives them from the FortiGate, it reads them and imports them into its configuration. If the user modifies them locally on the Windows system, FortiClient ignores the changes.
<disable_unregister>
<ui>
For other elements that you can modify locally, if FortiClient receives the same element from the FortiGate, it overwrites the existing value.
The following elements affect Endpoint Control.
Enable AV RTP:
<forticlient_configuration>
  <antivirus>
    <real_time_protection>
      <enabled>1</enabled>
    </real_time_protection>
  </antivirus>
</forticlient_configuration>
Other services that may be configured from the FortiGate usually use the full set of configuration elements available to them, as described in the various sections of this document. These include the following:
<forticlient_configuration>
  <system>
    <update>
    </update>
    <log_settings>
    </log_settings>
  </system>
  <vpn>
  </vpn>
  <firewall>
  </firewall>
  <webfilter>
  </webfilter>
  <vulnerability_scan>
  </vulnerability_scan>
</forticlient_configuration>