Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Jamf Deployment Guide

    Home FortiClient 7.2.0 Jamf Deployment Guide
    7.2.0
    7.4.0
    7.2.0
    7.0.0

    Deploying FortiClient using a shell script

    Deploying FortiClient using a shell script

    After adding a profile, you must create a policy to deploy FortiClient. With Jamf Pro, you can deploy FortiClient to macOS devices that have any user accounts (administrator and non-administrator user accounts) without requiring user interaction. You can deploy FortiClient in the following way.

    For this procedure, all macOS devices should meet the following prerequisites:

    • Running macOS Catalina (version 10.15) or a later version
    • Managed by Jamf Pro
    • Shell scripts begin with #! and are in a valid location, such as #!/bin/sh or #!/usr/bin/env zsh.
    • Command line interpreters for the applicable shells are installed.
    To modify the script file:
    1. On a test macOS device, download the FortiClient deployment shell script .sh file:
      1. From Fortinet Service & Support, go to Firmware Images.
      2. From the Select Product dropdown list, select FortiClientMac.
      3. On the Download tab, go to Mac > v7.00 > 7.2.
      4. Select the latest shell scripts.
    2. In a terminal, open the downloaded script file.
    3. Do one of the following:
      1. If using on-premise EMS, modify the weburl value to your FortiClient download link from EMS. For example, you would change the value from weburl=<"FortiClient download URL from EMS"> to weburl="https://your_EMS_FQDN:10443/installers/Default/FCT_MAC_7.2.0_ GA/FortiClient_7.2.0.dmg", if the download link is https://your_EMS_ FQDN:10443/installers/Default/FCT_MAC_7.2.0_GA/FortiClient_7.2.0.dmg.
      2. If using FortiClient Cloud, download the FortiClient installer from FortiClient Cloud. Extract the .zip file. Copy the .dmg file to a local web server that endpoints can reach and that you own. Modify the weburl value to your local web server URL.
    4. Modify the FortiClient_Installerversion value in the script file based on your FortiClient installer version. For example, change the value from FortiClient_Installerversion=<Your FortiClient Installer version> to FortiClient_Installerversion=”7200655” if the FortiClient version is 7.2.0.0655. Enter the version number without periods.
    5. Modify the values av, af, sb, sra, sso, vs, wf, and ztna values to 1 or 0 based on the enabled features in the FortiClient installer. For example, change the value from av=<Feature enabled or disabled> to av="1” to enable malware protection. Otherwise, set av="0” to disable malware protection on the FortiClient installer. By default, all values for av, af, sb, sra, sso, vs, wf, and ztna are set to “1” based on the default installer with all features enabled.
    6. If desired, modify the script file based on your requirements. The shell script mainly performs the following tasks:
      • Uninstalling older FortiClient versions if present and installing a new version
      • Downloading the FortiClient deployment package from the EMS server. The managed macOS device must be able to access the download link to download the package.
      • Installing FortiClient on a fresh macOS device
      • Skipping FortiClient uninstallation if trying to install same FortiClient version
      • Upgrading free VPN-only FortiClient to full FortiClient
      • Upgrading to same or different version of FortiClient with different security features enabled that are unavailable on existing FortiClient
    7. Save the file.
    To add the script to Jamf Pro using the script editor:
    1. In Jamf Pro, go to Settings > Computer Management > Scripts.
    2. Click New.
    3. In the General pane, configure the script's basic settings, including the display name and category.
    4. On the Script tab, enter the script contents in the editor. You can use the tab settings to configure syntax highlighting and theme colors in the script editor.
    5. On the Options tab, configure additional settings for the script, including the priority.
    6. (Optional) On the Limitations tab, configure operating system requirements for the script.
    7. Click Save.

    For FortiClient 7.2.5 and later versions, suppress_certificate_prompt installs a file on the endpoint and tells FortiClient that Jamf will take care of the certificates. FortiClient then does not attempt to prompt for certificates, except for the Web Filter deep inspection certificate, since it is self-generated and Jamf cannot push it to FortiClient. Disabling httpsmode disables deep inspection so that it does not self-generate a certificate.

    Previous
    Next

    Deploying FortiClient using a shell script

    Deploying FortiClient using a shell script

    After adding a profile, you must create a policy to deploy FortiClient. With Jamf Pro, you can deploy FortiClient to macOS devices that have any user accounts (administrator and non-administrator user accounts) without requiring user interaction. You can deploy FortiClient in the following way.

    For this procedure, all macOS devices should meet the following prerequisites:

    • Running macOS Catalina (version 10.15) or a later version
    • Managed by Jamf Pro
    • Shell scripts begin with #! and are in a valid location, such as #!/bin/sh or #!/usr/bin/env zsh.
    • Command line interpreters for the applicable shells are installed.
    To modify the script file:
    1. On a test macOS device, download the FortiClient deployment shell script .sh file:
      1. From Fortinet Service & Support, go to Firmware Images.
      2. From the Select Product dropdown list, select FortiClientMac.
      3. On the Download tab, go to Mac > v7.00 > 7.2.
      4. Select the latest shell scripts.
    2. In a terminal, open the downloaded script file.
    3. Do one of the following:
      1. If using on-premise EMS, modify the weburl value to your FortiClient download link from EMS. For example, you would change the value from weburl=<"FortiClient download URL from EMS"> to weburl="https://your_EMS_FQDN:10443/installers/Default/FCT_MAC_7.2.0_ GA/FortiClient_7.2.0.dmg", if the download link is https://your_EMS_ FQDN:10443/installers/Default/FCT_MAC_7.2.0_GA/FortiClient_7.2.0.dmg.
      2. If using FortiClient Cloud, download the FortiClient installer from FortiClient Cloud. Extract the .zip file. Copy the .dmg file to a local web server that endpoints can reach and that you own. Modify the weburl value to your local web server URL.
    4. Modify the FortiClient_Installerversion value in the script file based on your FortiClient installer version. For example, change the value from FortiClient_Installerversion=<Your FortiClient Installer version> to FortiClient_Installerversion=”7200655” if the FortiClient version is 7.2.0.0655. Enter the version number without periods.
    5. Modify the values av, af, sb, sra, sso, vs, wf, and ztna values to 1 or 0 based on the enabled features in the FortiClient installer. For example, change the value from av=<Feature enabled or disabled> to av="1” to enable malware protection. Otherwise, set av="0” to disable malware protection on the FortiClient installer. By default, all values for av, af, sb, sra, sso, vs, wf, and ztna are set to “1” based on the default installer with all features enabled.
    6. If desired, modify the script file based on your requirements. The shell script mainly performs the following tasks:
      • Uninstalling older FortiClient versions if present and installing a new version
      • Downloading the FortiClient deployment package from the EMS server. The managed macOS device must be able to access the download link to download the package.
      • Installing FortiClient on a fresh macOS device
      • Skipping FortiClient uninstallation if trying to install same FortiClient version
      • Upgrading free VPN-only FortiClient to full FortiClient
      • Upgrading to same or different version of FortiClient with different security features enabled that are unavailable on existing FortiClient
    7. Save the file.
    To add the script to Jamf Pro using the script editor:
    1. In Jamf Pro, go to Settings > Computer Management > Scripts.
    2. Click New.
    3. In the General pane, configure the script's basic settings, including the display name and category.
    4. On the Script tab, enter the script contents in the editor. You can use the tab settings to configure syntax highlighting and theme colors in the script editor.
    5. On the Options tab, configure additional settings for the script, including the priority.
    6. (Optional) On the Limitations tab, configure operating system requirements for the script.
    7. Click Save.

    For FortiClient 7.2.5 and later versions, suppress_certificate_prompt installs a file on the endpoint and tells FortiClient that Jamf will take care of the certificates. FortiClient then does not attempt to prompt for certificates, except for the Web Filter deep inspection certificate, since it is self-generated and Jamf cannot push it to FortiClient. Disabling httpsmode disables deep inspection so that it does not self-generate a certificate.

    Previous
    Next