Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiClient 7.2.5 Administration Guide
    7.2.5
    7.4.1
    7.4.0
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0

    FortiClient (macOS) CLI commands

    FortiClient (macOS) CLI commands

    The following summarizes the CLI commands available for FortiClient (macOS) 7.2.5:

    Endpoint control

    FortiClient 7.2.5 must establish a Telemetry connection to EMS to receive license information. FortiClient features are only enabled after connecting to EMS.

    Usage

    You can access endpoint control features through the epctrl CLI command. This command offers the end user the ability to connect or disconnect from EMS and check the connection status. You can access usage information by using the following commands:

    ➜  ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -h
FortiClient Endpoint Control

Usage:

      /Library/Application Support/Fortinet/FortiClient/bin/epctrl -r|--register <address/invitation> [-p|--port <port>] [-s|--site <site>] [-k|--key <key>] [-m|--remember]
  /Library/Application Support/Fortinet/FortiClient/bin/epctrl -u|--unregister [-k|--key <key>]
  /Library/Application Support/Fortinet/FortiClient/bin/epctrl -d|--details
  /Library/Application Support/Fortinet/FortiClient/bin/epctrl -t|--trust accept|deny
  /Library/Application Support/Fortinet/FortiClient/bin/epctrl -a|--auth

Options:
  -h --help        Show the help screen
  -r --register    Register using an EMS address or an invitation code
  -p --port        EMS port, ignored if registering by invitation code (Optional, 8013 by default)
  -s --site        EMS site, ignored if registering by invitation code (Optional, "Default" by default)
  -u --deregister  Deregister from the current EMS
  -k --key         Key for registering/deregistering from EMS if required. Will prompt for user input if key verification fails or no key is given
  -m --remember    Remember the given connection key specified by -k|--key when registering to EMS (Optional, will not remember the key by default)
  -t --trust       Trust or deny a pending invalid EMS certificate
  -a --auth        Initializes the authentication process if user authentication is enabled on EMS
  -d --details     Show telemetry details and status

    Connecting to on-premise EMS

    FortiClient can connect to on-premise EMS using the following commands. If EMS is listening on the default port, 8013, you do not need to specify the port number. If EMS is listening on another port, such as 8444, you must specify the port number with the EMS IP address. The example illustrates both use cases.

    Connecting to on-premise EMS using an invitation code (SAML configured)

    ➜ ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -r <invitation_code>

    SAML URL: {SAML_url}

    Username: Connected!

    Connecting to on-premise EMS using IP address and default port

    ➜ ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -r 172.18.60.251

    Registering to EMS 172.17.60.251:8013.

    Connecting to on-premise EMS using IP address and non-default port

    ➜ ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -r 172.18.60.251 -p 8444

    Registering to EMS 172.17.60.251:8444.

    Connecting to on-premise EMS with multitenancy enabled

    If EMS multitenancy is enabled, you can also specify the site name. If connecting to the default site, you do not need to provide a site name. The example illustrates connecting to a site named "headquarters".

    ➜ ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -r 172.18.60.251 -s headquarters

    Disconnecting from EMS

    ➜  ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -u     
Deregistered

    Specifying and remembering required connection key

    EMS may require a connection key for FortiClient to connect.

    ➜ ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -r 172.18.60.251 -k <connection_key> -m

    ➜ ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -u -k <connection_key>

    Trusting or denying pending invalid EMS certificate

    ➜ ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -t accept|deny

    Initializing authentication process if EMS has enabled user authentication

    ➜ ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -a

    Showing telemetry details and status

    The following example shows output when FortiClient is not connected to EMS:

    ➜  ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -d       

=====================================
 FortiClient License Details
=====================================
Last EMS Access Time:  Never Accessed
License Expiry:       Unlicensed
VPN Expiry:           Wed Feb 14 11:14:58 2024 PST

=====================================
 FortiClient EMS Details
=====================================
No telemetry data available.
    Previous
    Next

    FortiClient (macOS) CLI commands

    FortiClient (macOS) CLI commands

    The following summarizes the CLI commands available for FortiClient (macOS) 7.2.5:

    Endpoint control

    FortiClient 7.2.5 must establish a Telemetry connection to EMS to receive license information. FortiClient features are only enabled after connecting to EMS.

    Usage

    You can access endpoint control features through the epctrl CLI command. This command offers the end user the ability to connect or disconnect from EMS and check the connection status. You can access usage information by using the following commands:

    ➜  ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -h
FortiClient Endpoint Control

Usage:

      /Library/Application Support/Fortinet/FortiClient/bin/epctrl -r|--register <address/invitation> [-p|--port <port>] [-s|--site <site>] [-k|--key <key>] [-m|--remember]
  /Library/Application Support/Fortinet/FortiClient/bin/epctrl -u|--unregister [-k|--key <key>]
  /Library/Application Support/Fortinet/FortiClient/bin/epctrl -d|--details
  /Library/Application Support/Fortinet/FortiClient/bin/epctrl -t|--trust accept|deny
  /Library/Application Support/Fortinet/FortiClient/bin/epctrl -a|--auth

Options:
  -h --help        Show the help screen
  -r --register    Register using an EMS address or an invitation code
  -p --port        EMS port, ignored if registering by invitation code (Optional, 8013 by default)
  -s --site        EMS site, ignored if registering by invitation code (Optional, "Default" by default)
  -u --deregister  Deregister from the current EMS
  -k --key         Key for registering/deregistering from EMS if required. Will prompt for user input if key verification fails or no key is given
  -m --remember    Remember the given connection key specified by -k|--key when registering to EMS (Optional, will not remember the key by default)
  -t --trust       Trust or deny a pending invalid EMS certificate
  -a --auth        Initializes the authentication process if user authentication is enabled on EMS
  -d --details     Show telemetry details and status

    Connecting to on-premise EMS

    FortiClient can connect to on-premise EMS using the following commands. If EMS is listening on the default port, 8013, you do not need to specify the port number. If EMS is listening on another port, such as 8444, you must specify the port number with the EMS IP address. The example illustrates both use cases.

    Connecting to on-premise EMS using an invitation code (SAML configured)

    ➜ ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -r <invitation_code>

    SAML URL: {SAML_url}

    Username: Connected!

    Connecting to on-premise EMS using IP address and default port

    ➜ ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -r 172.18.60.251

    Registering to EMS 172.17.60.251:8013.

    Connecting to on-premise EMS using IP address and non-default port

    ➜ ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -r 172.18.60.251 -p 8444

    Registering to EMS 172.17.60.251:8444.

    Connecting to on-premise EMS with multitenancy enabled

    If EMS multitenancy is enabled, you can also specify the site name. If connecting to the default site, you do not need to provide a site name. The example illustrates connecting to a site named "headquarters".

    ➜ ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -r 172.18.60.251 -s headquarters

    Disconnecting from EMS

    ➜  ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -u     
Deregistered

    Specifying and remembering required connection key

    EMS may require a connection key for FortiClient to connect.

    ➜ ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -r 172.18.60.251 -k <connection_key> -m

    ➜ ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -u -k <connection_key>

    Trusting or denying pending invalid EMS certificate

    ➜ ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -t accept|deny

    Initializing authentication process if EMS has enabled user authentication

    ➜ ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -a

    Showing telemetry details and status

    The following example shows output when FortiClient is not connected to EMS:

    ➜  ~ /Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -d       

=====================================
 FortiClient License Details
=====================================
Last EMS Access Time:  Never Accessed
License Expiry:       Unlicensed
VPN Expiry:           Wed Feb 14 11:14:58 2024 PST

=====================================
 FortiClient EMS Details
=====================================
No telemetry data available.
    Previous
    Next