FortiClient (Linux) installer creation support
EMS can create FortiClient (Linux) installers and deploy them to Linux endpoints. It can perform scheduled or on-demand deployments for FortiClient (Linux) as required. This replaces the manual repackaging tool used to add Linux installers to EMS as EMS adds the telemetry IP address to the installer during deployment. You no longer have to download FortiClient (Linux) installers and perform manual installs.
This example creates an installer to upgrade FortiClient (Linux) 7.2.4 to 7.4.0.
To configure FortiClient (Linux) deployment in EMS:
- In EMS, create the FortiClient (Linux) deployment package:
- Go to Deployment & Installers > FortiClient Installer.
- Click Add.
- Under Installer Type, select Create installer.
- From the Release dropdown list, select 7.4.
- From the Patch dropdown list, select 7.4.0.
- Configure other options as desired, then click Finish.
- Go to Deployment & Installers > Manage Deployment.
- Click Add.
- For Action, select Install.
- From the Deployment Package dropdown list, select the deployment package that you created.
- Configure other options as desired, then click Save.
To verify FortiClient (Linux) deployment on the endpoint:
You can only view FortiClient (Linux) deployment progress from the CLI. You can refer to /var/log/forticlient/.epctrl.log for deployment updates. The following shows the log for when FortiClient (Linux) receives the upgrade notification from EMS:
20240405 14:59:04.376 TZ=-0700 [epctrl:DEBG] state_machine:904 REPLY=FCKARPLY: CONT|1|EMSSN|FCTEMS123456:EMA-Linux-2|UPLD_PRT|8013|KA_INTERVAL|20|LIC_FEATS|14613503|LIC_ED|1744700400|SNAPTIME|0|QUAR|0|AVTR|1|AV_SIG|92.3103|EMS_ONNET|0|RUN_SRV_CMD|4|UPGRADE_PATH|10.1.1.8:10443/installers/default/7.4.0%20GA/FortiClientSetup_7.4.0.deb|DEVICE_ID|4|SCH_ID|1369|REBOOT_PROMPT|1|AUTOREBOOT0USERS|1|REBOOTWHENNEEDED|1|UNATTENDED|0|FILESHA256|b3fa3da02d4dc6119ba910eb50a4de4481ba199300c90b679b2fe1f48dc906b6|FILESIZE|281080740|TAGS|100000000000000000000000000000000000000000000000000000000|SERIAL|abcdefg|TENANT|00000000000000000000000000000000|PROTO_VERSION|1.0.0|PERCON|0|
FortiClient (Linux) downloads the deployment package from EMS:
20240405 14:59:26.550 TZ=-0700 [epctrl:INFO] deployment_checker:255 Sent current status to EMS: Downloading 20240405 14:59:26.551 TZ=-0700 [epctrl:INFO] data_downloader:83 Added download: upgrade installer 20240405 14:59:26.551 TZ=-0700 [epctrl:INFO] data_downloader:126 Processing download: upgrade installer 20240405 14:59:26.551 TZ=-0700 [epctrl:WARN] deployment:88 Unable to open file /var/lib/forticlient/deploy/forticlient.deb 20240405 14:59:26.551 TZ=-0700 [epctrl:INFO] data_downloader:193 Downloading data from 10.1.1.8:10443/installers/default/7.4.0%20GA/FortiClientSetup_7.4.0.deb 20240405 14:59:26.577 TZ=-0700 [epctrl:DEBG] network_impl:351 Server certificate matches the current fingerprint 20240405 14:59:27.105 TZ=-0700 [epctrl:DEBG] data_downloader:287 Downloaded from https://10.1.1.8:10443/installers/default/7.4.0%20GA/FortiClientSetup_7.4.0.deb [response: 200, transferred: 281080740] 20240405 14:59:27.322 TZ=-0700 [epctrl:INFO] data_downloader:393 Upgrade installer successfully downloaded
FortiClient (Linux) installs the deployment package:
20240405 14:59:27.386 TZ=-0700 [epctrl:INFO] deployment_checker:255 Sent current status to EMS: Install Started 20240405 14:59:27.386 TZ=-0700 [epctrl:INFO] deployment_checker:281 Starting upgrade 20240405 14:59:27.386 TZ=-0700 [epctrl:INFO] deployment_impl:155 Detected OS: ubuntu 20240405 14:59:27.398 TZ=-0700 [epctrl:INFO] deployment_impl:165 Install package version: 7.4.0.1617 20240405 14:59:27.398 TZ=-0700 [epctrl:INFO] deployment_impl:167 Current package version: 7.2.4.0809 20240405 14:59:27.398 TZ=-0700 [epctrl:INFO] deployment_impl:170 Install command: DEBIAN_FRONTEND=noninteractive /usr/bin/systemd-run --scope /usr/bin/apt-get --allow-downgrades --reinstall -y install /var/lib/forticlient/deploy/forticlient.deb 20240405 14:59:38.574 TZ=-0700 [epctrl:INFO] main:25 Starting endpoint control 20240405 14:59:38.574 TZ=-0700 [epctrl:DEBG] state_machine:146 In state: Initialize 20240405 14:59:38.575 TZ=-0700 [epctrl:INFO] epctrl_impl:184 Starting network monitor 20240405 14:59:38.582 TZ=-0700 [epctrl:INFO] endpoint_impl:889 Loading repackaged installer info 20240405 14:59:38.596 TZ=-0700 [epctrl:INFO] endpoint_impl:939 Loaded on-prem invitation info from installer 20240405 14:59:38.596 TZ=-0700 [epctrl:INFO] endpoint_impl:989 Loaded installer server info: 10.1.1.8:8013 (Site: default)
Upon successful installation, /var/log/forticlient/deploy.log is updated with the last deployment statistics:
Running scope as unit: run-r39d2deba500f46c3bd3f2d2db4695278.scope Reading package lists... Building dependency tree... Reading state information... The following packages will be upgraded: forticlient 1 upgraded, 0 newly installed, 0 to remove and 30 not upgraded. Need to get 0 B/281 MB of archives. After this operation, 91.7 MB of additional disk space will be used. Get:1 /var/lib/forticlient/deploy/forticlient.deb forticlient amd64 7.4.0.1617 [281 MB] debconf: delaying package configuration, since apt-utils is not installed (Reading database ... 193069 files and directories currently installed.) Preparing to unpack .../deploy/forticlient.deb ... Module "FortiClient ZTNA" deleted from database. Unpacking forticlient (7.4.0.1617) over (7.2.4.0809) ... Setting up forticlient (7.4.0.1617) ... gtk-update-icon-cache: Cache file created successfully. Processing triggers for hicolor-icon-theme (0.17-2) ... Processing triggers for gnome-menus (3.36.0-1ubuntu3) ... Processing triggers for mailcap (3.70+nmu1ubuntu1) ... Processing triggers for desktop-file-utils (0.26-1ubuntu3) ...
In EMS, the endpoint details show that deployment finished and the new FortiClient version installed successfully.