Fortinet white logo
Fortinet white logo

EMS Administration Guide

Importing a Web profile from FortiOS or FortiManager

Importing a Web profile from FortiOS or FortiManager

You can import a Web Filter profile from FortiOS or FortiManager into FortiClient EMS, then synchronize the Web Filter profile settings to an endpoint profile in FortiClient EMS.

This feature is only available if Web Filter is enabled in Feature Select. See Feature Select.

To import a Web Filter profile:
  1. Configure FortiOS or FortiManager to allow EMS profile importation:
    1. If using FortiOS, go to Network > Interfaces, select the desired port, and under Administrative Access, enable the HTTPS checkbox.
    2. If using FortiManager, do the following:
      1. Go to System Settings > Network and enable the HTTPS checkbox under Administrative Access.
      2. You must set Remote Procedure Call to read. Run the get system admin user admin command. Ensure that rpc-permit is set to read.
      3. If rpc-permit is not set to read, run the following commands:

        config system admin user

        edit "admin"

        set rpc-permit read

        end

  2. Go to Endpoint Profiles > Import from FortiGate / FortiManager. Click Import from FortiGate / FortiManager.

  3. Under Type, select FortiGate or FortiManager.
  4. Complete the following options, and click Next.

    IP address/Hostname

    Enter the IP address and port of the FortiGate or FortiManager from which you are importing the profile, in the format: <ip address>:<port>.

    VDOM

    Enter a VDOM name from the FortiGate or FortiManager if applicable.

    Username

    Enter a username for the FortiGate or FortiManager.

    Password

    Enter the password for the user account entered above.

    The list of Web Filter profiles configured on the FortiGate or FortiManager displays.

    You can click the </> icon beside each profile to preview the settings in XML format.

  5. Select the profiles to import into FortiClient EMS and click Next.
  6. Under Synchronization Mode, select one of the following options.

    1. One Time Pull: FortiClient EMS does not automatically sync profile changes from the FortiGate or FortiManager. You can manually sync profile changes after importing the profile. See Syncing profile changes.
    2. Group Schedule: Configure a group synchronization schedule for all selected profiles. Select the next date and time to automatically update the profiles, and the profile update interval in days, hours, or minutes.
    3. Individual Schedule: Configure an individual synchronization schedule for each selected profile. Select the next date and time to automatically update each profile, and the profile update interval in days, hours, or minutes.
  7. Click Import. EMS imports the selected profiles and displays them in Endpoint Profiles > Import from FortiGate/FortiManager in a group named after the FortiGate or FortiManager that you imported them from. You can now configure an EMS endpoint profile to synchronize Web Filter settings from the imported FortiGate or FortiManager Web Filter profile. See Web Filter.
  8. After importing the profile, you can synchronize the profile from the FortiGate or FortiManager on-demand by selecting the profile, then clicking Sync Now.

Importing a Web profile from FortiOS or FortiManager

Importing a Web profile from FortiOS or FortiManager

You can import a Web Filter profile from FortiOS or FortiManager into FortiClient EMS, then synchronize the Web Filter profile settings to an endpoint profile in FortiClient EMS.

This feature is only available if Web Filter is enabled in Feature Select. See Feature Select.

To import a Web Filter profile:
  1. Configure FortiOS or FortiManager to allow EMS profile importation:
    1. If using FortiOS, go to Network > Interfaces, select the desired port, and under Administrative Access, enable the HTTPS checkbox.
    2. If using FortiManager, do the following:
      1. Go to System Settings > Network and enable the HTTPS checkbox under Administrative Access.
      2. You must set Remote Procedure Call to read. Run the get system admin user admin command. Ensure that rpc-permit is set to read.
      3. If rpc-permit is not set to read, run the following commands:

        config system admin user

        edit "admin"

        set rpc-permit read

        end

  2. Go to Endpoint Profiles > Import from FortiGate / FortiManager. Click Import from FortiGate / FortiManager.

  3. Under Type, select FortiGate or FortiManager.
  4. Complete the following options, and click Next.

    IP address/Hostname

    Enter the IP address and port of the FortiGate or FortiManager from which you are importing the profile, in the format: <ip address>:<port>.

    VDOM

    Enter a VDOM name from the FortiGate or FortiManager if applicable.

    Username

    Enter a username for the FortiGate or FortiManager.

    Password

    Enter the password for the user account entered above.

    The list of Web Filter profiles configured on the FortiGate or FortiManager displays.

    You can click the </> icon beside each profile to preview the settings in XML format.

  5. Select the profiles to import into FortiClient EMS and click Next.
  6. Under Synchronization Mode, select one of the following options.

    1. One Time Pull: FortiClient EMS does not automatically sync profile changes from the FortiGate or FortiManager. You can manually sync profile changes after importing the profile. See Syncing profile changes.
    2. Group Schedule: Configure a group synchronization schedule for all selected profiles. Select the next date and time to automatically update the profiles, and the profile update interval in days, hours, or minutes.
    3. Individual Schedule: Configure an individual synchronization schedule for each selected profile. Select the next date and time to automatically update each profile, and the profile update interval in days, hours, or minutes.
  7. Click Import. EMS imports the selected profiles and displays them in Endpoint Profiles > Import from FortiGate/FortiManager in a group named after the FortiGate or FortiManager that you imported them from. You can now configure an EMS endpoint profile to synchronize Web Filter settings from the imported FortiGate or FortiManager Web Filter profile. See Web Filter.
  8. After importing the profile, you can synchronize the profile from the FortiGate or FortiManager on-demand by selecting the profile, then clicking Sync Now.