
EMS Administration Guide

Creating a deployment configuration


Note

EMS may not deploy certain FortiClient versions to the selected endpoints.

EMS can download a signature, the EMS/FCT upgrade & compatibility matrix signature, from FortiGuard. This signature provides operating system support information for FortiClient versions. EMS uses this information and only pushes deployment to endpoints with an OS that supports the FortiClient version deployed.

For example, consider that you have an endpoint running Windows 7, which FortiClient 7.4.4 does not support. If your EMS has the EMS/FCT upgrade & compatibility matrix and you create a deployment configuration to deploy FortiClient 7.4.4 to the endpoint, EMS does not deploy FortiClient 7.4.4 to that endpoint.

To create a deployment configuration:
  1. Go to Deployment & Installers > Manage Deployment.
  2. Click Add.
  3. Configure the fields as desired:

    Field

    Description

    Name

    Required. Enter the desired name.

    Endpoint Groups

    Optional. Select the desired endpoint group. The list includes device groups for all imported domains and workgroups.

    If you are selecting a security group from a Microsoft Entra ID server, it must include a device object. If you are selecting a security group from an Active Directory server, it must include a computer object. If you select a security group that only has user objects as members, EMS does not assign the installer to the users.

    Action

    Select Install or Uninstall.

    When EMS pushes an uninstall to FortiClient (macOS), the uninstall does not remove FortiClient system extensions from the device. A user can run the uninstaller manually to remove system extensions as part of the uninstall.

    Deployment Package

    Select the desired deployment package from the dropdown list.

    Start at a Scheduled Time

    If this feature is enabled, FortiClient displays a notification to users that there is a newer FortiClient version that they are expected to upgrade to. The time that you specify in this field displays to users as the default scheduled time for the installation to take place. The notification also allows users to configure a custom install time or to install the update immediately. If this feature is disabled, the FortiClient installation starts immediately without user interaction.

    Unattended Installation

    When enabled, the end user cannot modify the installation schedule. If needed, the device reboots without warning logged-in users.

    Reboot When Needed

    Reboot the endpoint to install FortiClient when needed.

    This option is supported on FortiClient Windows 7.2.0-7.2.5 and 7.4.0 only.

    Reboot When No Users Are Logged In

    Allow the endpoint to reboot without prompt if no endpoint user is logged into FortiClient.

    Notify Users and Let Them Decide When To Reboot When Users Are Logged In

    Notify the end user if a reboot of the endpoint is needed and allow the user to decide what time to reboot the endpoint. Disable to reboot the endpoint without notifying the user.

    This option is supported on FortiClient Windows 7.2.0-7.2.5 and 7.4.0 only.

    Priority

    The default priority for a new deployment configuration is the lowest priority. You cannot edit the priority while creating the deployment configuration. You can change the priority level after creating the deployment configuration. See Managing deployment configuration priority levels.

    Enable the Deployment

    Enable or disable.
  4. Click Save.
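
The Endpoint Groups requirement above can be checked before a group is selected. The following is an added example, not part of the EMS guide or Fortinet tooling: a PowerShell pre-check that classifies the direct members of an Active Directory security group. The function name `Test-EmsGroupHasComputers` and the sample members are hypothetical and constructed; in a domain, the members would come from `Get-ADGroupMember` (ActiveDirectory module).

```powershell
# Added example: pre-check an AD security group before choosing it under
# "Endpoint Groups". Function name and sample data are hypothetical.
function Test-EmsGroupHasComputers {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$GroupName,
        # Objects exposing Name and objectClass, as Get-ADGroupMember returns.
        [Parameter(Mandatory)][AllowEmptyCollection()][object[]]$Members
    )
    $computers = @($Members | Where-Object { $_.objectClass -eq 'computer' })
    $users     = @($Members | Where-Object { $_.objectClass -eq 'user' })
    $nested    = @($Members | Where-Object { $_.objectClass -eq 'group' })

    # The guide only states that a computer object must be a member; it does
    # not say how nested groups are treated, so those are flagged for review.
    $verdict = if ($computers.Count -gt 0) {
        'OK: contains computer objects'
    } elseif ($nested.Count -gt 0) {
        'CHECK: no direct computer objects; nested groups present'
    } elseif ($users.Count -gt 0) {
        'FAIL: user objects only; EMS does not assign the installer'
    } else {
        'FAIL: group has no members'
    }

    [pscustomobject]@{
        Group     = $GroupName
        Computers = $computers.Count
        Users     = $users.Count
        Nested    = $nested.Count
        Verdict   = $verdict
    }
}

# Constructed sample members (not real directory data).
$workstations = @(
    [pscustomobject]@{ Name = 'WS-0001'; objectClass = 'computer' },
    [pscustomobject]@{ Name = 'WS-0002'; objectClass = 'computer' },
    [pscustomobject]@{ Name = 'alice';   objectClass = 'user' }
)
$staffOnly = @(
    [pscustomobject]@{ Name = 'alice'; objectClass = 'user' },
    [pscustomobject]@{ Name = 'bob';   objectClass = 'user' }
)

Test-EmsGroupHasComputers -GroupName 'Sample-Workstations' -Members $workstations
Test-EmsGroupHasComputers -GroupName 'Sample-Staff'        -Members $staffOnly

# Against a live domain (requires the ActiveDirectory module):
# Test-EmsGroupHasComputers -GroupName 'X' -Members (Get-ADGroupMember -Identity 'X')
```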
