Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Special notices

FortiClient EMS Microsoft Visual C++ installation

The EMS installation includes installation of Microsoft Visual C++ (VC) 2015. If the server already has a newer version of VC installed, the installation fails. See VC++ 2015 Redistributable installation returns error 1638 when newer version already installed.

If you have a version of VC installed on your server that is newer than 2015, uninstall VC before installing EMS.

SQL Server Standard or Enterprise with 5000 or more endpoints

When managing more than 5000 endpoints, install SQL Server Standard or Enterprise instead of SQL Server Express, which the EMS installation also installs by default. Otherwise, you may experience database deadlocks. The minimum SQL Server version that FortiClient EMS supports is 2017. See the FortiClient EMS Administration Guide.

Split tunnel

In EMS 7.0.2, you configure application split tunnel using per-tunnel configuration, not a global configuration. If you are upgrading from an older version that uses the global application split tunnel configuration, ensure that you change the configuration to per-tunnel.

Endpoint security improvement

EMS 7.0.2 adds an improvement to endpoint security that impacts compatibility between FortiClient and EMS, and the recommended upgrade path. The FortiClient 7.0.2 installer is not available on FortiGuard Distribution Servers (FDS). To use the FortiClient 7.0.2 installer, you must download it from Customer Service & Support. See Endpoint security improvement.

If Use SSL certificate for Endpoint Control is disabled, EMS displays a popup that the SSL certificate is not secure even if the SSL certificate is publicly signed and trusted. The banner also displays the same message.

If the EMS server certificate is invalid, and FortiClient is upgraded to 7.0.2, by default, FortiClient displays a warning message on the GUI when trying to connect to the EMS. The end user should click allow to complete the connection. FortiClient does not connect to the EMS if the end user selects deny. If the end user selects deny, FortiClient retries connecting to the EMS after a system reboot. The same warning message displays while trying to connect to the EMS. The end user should click allow to complete the connection.

Note

When the new Use SSL certificate for Endpoint Control option is enabled and EMS is using a valid server certificate, FortiClient 7.0.1 and older versions will no longer be able to connect to the EMS.

Special notices

FortiClient EMS Microsoft Visual C++ installation

The EMS installation includes installation of Microsoft Visual C++ (VC) 2015. If the server already has a newer version of VC installed, the installation fails. See VC++ 2015 Redistributable installation returns error 1638 when newer version already installed.

If you have a version of VC installed on your server that is newer than 2015, uninstall VC before installing EMS.

SQL Server Standard or Enterprise with 5000 or more endpoints

When managing more than 5000 endpoints, install SQL Server Standard or Enterprise instead of SQL Server Express, which the EMS installation also installs by default. Otherwise, you may experience database deadlocks. The minimum SQL Server version that FortiClient EMS supports is 2017. See the FortiClient EMS Administration Guide.

Split tunnel

In EMS 7.0.2, you configure application split tunnel using per-tunnel configuration, not a global configuration. If you are upgrading from an older version that uses the global application split tunnel configuration, ensure that you change the configuration to per-tunnel.

Endpoint security improvement

EMS 7.0.2 adds an improvement to endpoint security that impacts compatibility between FortiClient and EMS, and the recommended upgrade path. The FortiClient 7.0.2 installer is not available on FortiGuard Distribution Servers (FDS). To use the FortiClient 7.0.2 installer, you must download it from Customer Service & Support. See Endpoint security improvement.

If Use SSL certificate for Endpoint Control is disabled, EMS displays a popup that the SSL certificate is not secure even if the SSL certificate is publicly signed and trusted. The banner also displays the same message.

If the EMS server certificate is invalid, and FortiClient is upgraded to 7.0.2, by default, FortiClient displays a warning message on the GUI when trying to connect to the EMS. The end user should click allow to complete the connection. FortiClient does not connect to the EMS if the end user selects deny. If the end user selects deny, FortiClient retries connecting to the EMS after a system reboot. The same warning message displays while trying to connect to the EMS. The end user should click allow to complete the connection.

Note

When the new Use SSL certificate for Endpoint Control option is enabled and EMS is using a valid server certificate, FortiClient 7.0.1 and older versions will no longer be able to connect to the EMS.