DOCUMENT LIBRARY

Administration Guide

Introduction
- FortiClient, FortiClient EMS, and FortiGate
- Fortinet product support for FortiClient
- Feature comparison of FortiClient standalone and licensed versions
- Endpoint communication security improvement
  - Recommended upgrade path
Getting started
- Getting started with FortiClient
- EMS and endpoint profiles
- Telemetry connection options
- EMS and automatic upgrade of FortiClient
Provisioning preparation
- Installation requirements
- Licensing
- Required services and ports
- Firmware images and tools
- Obtaining FortiClient installation files
Provisioning
- Manually installing FortiClient on computers
- Centralized FortiClient deployment
  - FortiClient EMS
  - Deploying FortiClient using Microsoft AD servers
    - Deploying FortiClient with Microsoft AD
    - Uninstalling FortiClient with Microsoft AD
- Uninstalling FortiClient
- Upgrading FortiClient
- Verifying ports and services and connection between EMS and FortiClient
User details
- Viewing user details
- Retrieving user details from cloud applications
- Adding your phone number and email address manually
- Specifying the user avatar manually
- User Profile notification
Zero Trust Telemetry
- FortiClient Telemetry
- Compliance with EMS and FortiOS
- On-/off-fabric status with EMS
  - Logging to FortiAnalyzer
- Quarantined endpoints
Remote Access
- Configuring VPN connections
  - Configuring an SSL VPN connection
  - Configuring an IPsec VPN connection
- Connecting VPNs
- SAML support for SSL VPN
- Advanced features (Windows)
- Advanced features (macOS)
  - Creating redundant IPsec VPNs
  - Creating priority-based SSL VPN connections
- VPN tunnel and script
  - Windows
  - macOS
- Internal resource lookup with IPv6 enabled on NIC interface
- Standalone VPN client
ZTNA Destination
Malware Protection
- Antivirus
- Cloud Based Malware Protection
- AntiExploit
  - Viewing detected exploit attempts
  - Evaluating the anti-exploit detection feature
- Removable media access
- Antiransomware
- Quarantined files
  - Viewing quarantined files
  - Submitting quarantined files for scanning
Sandbox Detection
- Scanning with FortiSandbox on-demand
- Viewing FortiSandbox scan results
- Using the popup window
Web & Video Filter
- Web browser plugin for HTTPS web filtering
- Viewing violations
- Troubleshooting Web Filter
Application Firewall
Vulnerability Scan
- Scanning on-demand
- Automatically fixing detected vulnerabilities
- Reviewing detected vulnerabilities before fixing
- Manually fixing detected vulnerabilities
- Viewing details about vulnerabilities
- Viewing vulnerability scan history
Notifications
Settings
- System
- Logging
  - Sending logs and Windows host events to FortiAnalyzer or FortiManager
  - Exporting the log file
- VPN options
- Advanced options
- FortiTray
Diagnostic Tool
Forensic analysis
Appendix A - API
- Overview
- API reference
Appendix B - Vulnerability patches
Appendix C - Processes
- FortiClient (Windows) processes
- FortiClient (macOS) processes
Appendix D - CLI commands
- FortiClient (Windows) CLI commands
- FortiClient (macOS) CLI commands
- FortiClient (Linux) CLI commands
Appendix E - VPN autoconnect
- Configuring autoconnect with username and password authentication
- Configuring autoconnect with certificate authentication
Appendix F - SSL VPN prelogon
- SSL VPN prelogon using AD machine certificate
- FortiGate authentication configuration
- FortiGate SSL VPN configuration
- Enabling VPN prelogon in EMS
- Enabling automatic VPN prelogon in EMS
  - Configuring VPN to automatically connect before logon
  - Verifying and troubleshooting
- Troubleshooting the prelogon SSL VPN connection

Home FortiClient 7.2.3 Administration Guide

7.2.3

Advanced options

To configure advanced options:

Go to Settings, and expand the Advanced section.

Configure the following settings, and click OK:

Default tab	Select the default tab to display when opening FortiClient.
Action for EMS invalid certificates	Select the action to take when FortiClient attempts to connect to EMS with an invalid certificate: Warn: warn the user about the invalid server certificate. Ask the user whether to proceed with connecting to EMS, or terminate the connection attempt. FortiClient remembers the user's decision for this EMS, but displays the warning prompt if FortiClient attempts to connect to another EMS (using a different EMS FQDN/IP address and certificate) with an invalid certificate. Allow: allows FortiClient to connect to EMS with an invalid certificate. Deny: block FortiClient from connecting to EMS with an invalid certificate.
Enable Single Sign-On mobility agent	Enable SSO.
Enable Privilege Access Management	Enable privilege access management (PAM). This enables FortiClient to communicate with FortiPAM. In the Local Server Port field, enter the port for FortiClient to use to communicate with FortiPAM. The default port for this communication is 9191. If you change this value, ensure that you also change it in FortiPAM.
Disable proxy (troubleshooting only)	Disable proxy when troubleshooting FortiClient.

Advanced options

To configure advanced options:

Go to Settings, and expand the Advanced section.

Configure the following settings, and click OK:

Default tab	Select the default tab to display when opening FortiClient.
Action for EMS invalid certificates	Select the action to take when FortiClient attempts to connect to EMS with an invalid certificate: Warn: warn the user about the invalid server certificate. Ask the user whether to proceed with connecting to EMS, or terminate the connection attempt. FortiClient remembers the user's decision for this EMS, but displays the warning prompt if FortiClient attempts to connect to another EMS (using a different EMS FQDN/IP address and certificate) with an invalid certificate. Allow: allows FortiClient to connect to EMS with an invalid certificate. Deny: block FortiClient from connecting to EMS with an invalid certificate.
Enable Single Sign-On mobility agent	Enable SSO.
Enable Privilege Access Management	Enable privilege access management (PAM). This enables FortiClient to communicate with FortiPAM. In the Local Server Port field, enter the port for FortiClient to use to communicate with FortiPAM. The default port for this communication is 9191. If you change this value, ensure that you also change it in FortiPAM.
Disable proxy (troubleshooting only)	Disable proxy when troubleshooting FortiClient.

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Unified SASE

Single Vendor SASE

Cloud Network Security

Secure Endpoint Connectivity

Web Application / API Protection

Security Operations

Security Operations Automation

Identity

Early Detection & Prevention

Secure Networking

Hybrid Mesh Firewall

NOC Management

LAN

WAN

Communication & Surveillance

Unified SASE

Single Vendor SASE

Secure Endpoint Connectivity

Cloud Network Security

Cloud-Native Security

Web Application / API Protection

Security Operations

Security Operations Automation

Endpoint

Data Protection

Identity

Email

Early Detection & Prevention

Expert Services

Edge Firewall

Orchestration & management

SD Branch

Application Delivery

Single Vendor SASE

Secure Endpoint Connectivity

Secure Private Access

Thin Edge

Identity

Application Gateway

Enterprise Asset Management

Endpoint Agent

Agentless Security Posture

Identity

Wireless

Switching

Identity

Privilege Acccess Management

Next Generation Firewall

Orchestration & management

Expert Services

All

All

Account Management

SAAS Management

SAAS Application Security

Managed Services

Platform as a service (PAAS)

Other SAAS Services

4D Pillars

Cloud

Popular Solutions

Administration Guide

Advanced options

Advanced options

To configure advanced options:

Advanced options

Advanced options

To configure advanced options: