Configuring a Mobileconfig profile to enable Web Filter
To enable Web Filter, the iOS device must be supervised and you must install a Mobileconfig profile with a content filter on the device. Installing a mobileconfig profile requires the following:
- Apple Configurator 2 (or equivalent mobile device management (MDM) application) installed.
- iOS devices are supervised.
You can find instructions on how to supervise your iOS devices on the Apple Configurator 2 Help (or your MDM application) website.
To create a Mobileconfig profile for FortiClient Web Filter:
- Launch Apple Configurator 2.
- Go to File > New Profile.
- Enter a Name for the profile.
- Select Content Filter from the left panel.
- Click Configure.
- Select Plugin (Third Party App) from the Filter Type dropdown list.
- Configure the following:
Field
Value
Filter Name
FortiClient
Identifier
com.fortinet.forticlient.fabricagent
Service Address
fgd1.fortigate.com
Organization
Fortinet, Inc.
User Name
You can use this field to specify the EMS (IP address or FQDN), port, and connection key (optional). For example, the following string allows FortiClient (iOS) to connect to the EMS at ems.example.com at port 8013, with key “ConnectionKey”:
ems.example.com:8013 ConnectionKey
Filter WebKit Traffic
Select the Filter WebKit Traffic checkbox.
- Click Save.
Due to restrictions that Apple set, you must launch FortiClient (iOS) once before the configuration takes effect. You can use EMS Zero Trust tagging rules to ensure users launch FortiClient (iOS) before browsing the internet. See Adding a Zero Trust tagging rule set. |