DOCUMENT LIBRARY
DOCUMENT LIBRARY
Products
Best Practices
Hardware Guides
Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
|
6000
|
7000
NOC Management
FortiManager
|
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
|
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
More >>
Security Operations
Security Operations Automation
FortiAnalyzer
|
FortiAnalyzer Cloud
FortiSIEM
|
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiPAM
Early Detection & Prevention
FortiSandbox
|
FortiSandbox Cloud
FortiNDR
|
FortiNDR Cloud
FortiDeceptor
FortiRecon
More >>
Secure Networking
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
|
6000
|
7000
NOC Management
FortiManager
|
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
|
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
|
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
|
FortiAnalyzer Cloud
FortiSIEM
|
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
|
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiToken
|
FortiIdentity Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
|
FortiSandbox Cloud
FortiNDR
|
FortiNDR Cloud
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
|
6000
|
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
|
FortiManager Cloud
FortiAnalyzer
|
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP/FortiWiFi
FortiExtender
|
FortiExtender Cloud
Application Delivery
FortiADC
|
FortiGSLB
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
|
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/FortiOS
FortiAP/FortiWiFi
FortiExtender
|
FortiExtender Cloud
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
Application Gateway
FortiGate/FortiOS
FortiProxy
FortiADC
|
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
|
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
|
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
Wireless
FortiAP/FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
FortiGate/FortiOS
FortiGate-5000
/
6000
/
7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
|
FortiManager Cloud
FortiAnalyzer
|
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Web Application / API Protection
FortiWeb
FortiAppSec Cloud
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiClient Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiIdentity Cloud
FortiAuthenticator Cloud
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Managed Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Platform as a service (PAAS)
FortiSASE
FortiAnalyzer Cloud
FortiManager Cloud
FortiClient Cloud
FortiSandbox Cloud
FortiMail Cloud
FortiSOAR Cloud
Other SAAS Services
Overlay-as-a-Service
FortiRecon
FortiConverter
ForiIPAM
FortiFlex
FortiCare Elite
FortiTIP Cloud
4D Resources
Solution Hubs
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
FortiAIOps
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP/FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiBranchSASE
FortiCache
FortiCamera
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiFone
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiNDR Cloud
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
AV Engine
AWS Firewall Rules
AscenLink
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAppSec Cloud
FortiAuthenticator
FortiAuthenticator Cloud
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCASB
FortiCNAPP
FortiCNP
FortiCWP
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiData
FortiData Private Cloud
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiInsight Cloud
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail Appliance and VM
FortiMail Cloud - Hosted
FortiMail Workspace Security
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRPS
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSAT
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSRA Private Cloud
FortiSRA Public Cloud
FortiSandbox
FortiSandbox PaaS
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTap
FortiTelemetry
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWLM
FortiWeb
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiZTP
IPS Engine
Managed FortiGate Service
Overlay-as-a-Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
AV Engine
AWS Firewall Rules
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAppSec Cloud
FortiAuthenticator
FortiBranchSASE
FortiCASB
FortiCNAPP
FortiCWP
FortiCamera
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiDAST
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiData
FortiDeceptor
FortiDeceptor DaaS
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiIsolator
FortiMail Appliance and VM
FortiMail Workspace Security
FortiManager
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR Cloud
FortiPAM
FortiPhish
FortiPolicy
FortiPortal
FortiPresence
FortiProxy
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSIEM
FortiSOAR
FortiSRA
FortiSandbox
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTelemetry
FortiTester
FortiToken
FortiVoice
FortiWeb
FortiZTP
IPS Engine
Managed FortiGate Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
All Products
AV Engine
AWS Firewall Rules
AscenLink
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAppSec Cloud
FortiAuthenticator
FortiAuthenticator Cloud
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCASB
FortiCNAPP
FortiCNP
FortiCWP
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiData
FortiData Private Cloud
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiInsight Cloud
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail Appliance and VM
FortiMail Cloud - Hosted
FortiMail Workspace Security
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRPS
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSAT
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSRA Private Cloud
FortiSRA Public Cloud
FortiSandbox
FortiSandbox PaaS
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTap
FortiTelemetry
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWLM
FortiWeb
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiZTP
IPS Engine
Managed FortiGate Service
Overlay-as-a-Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
FortiGate / FortiOS
FortiManager
FortiAnalyzer
EMS Administration Guide
Introduction
FortiClient EMS components
Documentation
Getting started
Getting started with managing Windows, macOS, and Linux endpoints
Initially deploying FortiClient software to endpoints
Pushing configuration information to FortiClient
Relationship between FortiClient EMS, FortiGate, and FortiClient
FortiClient in the Security Fabric
FortiClient with EMS
Quarantining an endpoint from FortiOS using EMS
Getting started with managing Chromebooks
Configuring FortiClient EMS for Chromebooks
Configuring the Google Admin console
Deploying a profile to Chromebooks
How FortiClient EMS and FortiClient work with Chromebooks
Installation preparation
System requirements
License types
FortiClient EMS
Free trial license
Windows, macOS, and Linux licenses
Chromebook licenses
Component applications
Required services and ports
Telemetry data usage requirements
Management capacity
Hardware configuration when EMS and Postgres run on same machine with no FortiGate connected
Hardware configuration when EMS and Postgres run on different machines with no FortiGate connected
Hardware configuration when there are FortiGates connected to the EMS
FortiClient Telemetry security features
Server readiness checklist for installation
Upgrading EMS
Upgrading from an earlier FortiClient EMS 7.4 version
Automatically upgrading EMS to latest patch release
Upgrading EMS in HA
Install preparation for managing Chromebooks
Installation and licensing
Downloading the installation file
Installing FortiClient EMS 7.4
Migrating EMS 7.2.10 or 7.2.12 to 7.4.5
Linux or VM
Docker
Kubernetes
Installation
Installing EMS in standalone mode with a local DB
Installing EMS with Postgres in Docker
Installing EMS with standalone remote DB without Docker
Deploying EMS with Docker Compose
Deploying EMS on Kubernetes
Deploying EMS as a VM image
Installation parameters
Starting FortiClient EMS and logging in
Configuring EMS after installation
Licensing FortiClient EMS
Licensing EMS by logging in to FortiCloud
Importing an EMS license via FortiFlex
Uploading a license file
License status
Help with licensing
Uninstalling FortiClient EMS
Installation and setup for managing Chromebooks
Google Admin Console setup
Logging into the Google Admin console
Adding the FortiClient Web Filter extension
Configuring the FortiClient Web Filter extension
Adding root certificates
Communication with the FortiClient Chromebook Web Filter extension
Communication with FortiAnalyzer for logging
Summary of where to add certificates
Uploading root certificates to the Google Admin console
Disabling access to Chrome developer tools
Disallowing incognito mode
Disabling guest mode
Blocking the Chrome task manager
Verifying the FortiClient Web Filter extension
Service account credentials
Configuring default service account credentials
Configuring unique service account credentials
Creating unique service account credentials
Delegating domain-wide authority to the service account
Adding service account credentials to EMS
Verifying ports and services
Automating EMS DB backups
GUI
Banner
Left pane
Content pane
Open Source Licensing Requirements
Dashboard
Viewing the Status
System Information widget
License Information widget
Status charts and widgets
Viewing the Vulnerability Scan dashboard
Viewing current vulnerabilities
Viewing the Endpoint Scan Status
Viewing the top 10 vulnerable endpoints with high risk vulnerabilities
Viewing top ten vulnerabilities on endpoints
Viewing the Performance dashboard
Viewing the Forensics Analysis dashboard
Viewing the PUA dashboard
Viewing Chromebook Status
Endpoint management
Windows, macOS, and Linux endpoints
Managing groups
Adding endpoints
Adding endpoints using an AD domain server
Adding endpoints using an Entra ID server
Connecting manually from FortiClient
Viewing endpoints
Viewing the Endpoints pane
Sending endpoints one-way message
Using the quick status bar
Viewing endpoint details
Filtering the list of endpoints
Using bookmarks to filter the list of endpoints
Viewing Sandbox event details
Sending endpoint classification tags to FortiAnalyzer
Exporting endpoint information
Managing endpoints
Running AV scans on endpoints
Running vulnerability scans on endpoints
Patching vulnerabilities on endpoints
Uploading FortiClient logs
Running the FortiClient diagnostic tool
Updating signatures
Downloading available FortiClient logs
Downloading available diagnostic results
Disconnecting and connecting endpoints
Quarantining an endpoint
Quarantining an endpoint from FortiOS using EMS
Excluding endpoints from management
Deleting endpoints
Requesting forensic analysis on an endpoint
All Events
Installing EMS with ES integration
Enabling ES integration after EMS install
EMS event-specific indexes
ES sizing
Required ES permissions
Index lifecycle
Group assignment rules
Group assignment rule types
Managing group assignment rule priority levels
Adding a group assignment rule
Enabling/disabling a group assignment rule
Deleting a group assignment rule
Google Domains
Adding a Google domain
Viewing domains
Viewing the Google Users pane
Viewing user details
Editing a domain
Deleting a domain
Deployment & Installers
Manage Deployment
Creating a deployment configuration
Managing deployment configuration priority levels
Enabling or disabling a deployment configuration
Deleting a deployment configuration
Deploying FortiClient upgrades from FortiClient EMS
Deploying different installer IDs to endpoints using the same deployment package
FortiClient Installer
Adding a FortiClient installer
Adding a FortiClient hotfix installer
Viewing deployment packages
Deleting a FortiClient deployment package
Endpoint Policy & Components
Manage Policies
Adding an endpoint policy
Editing an endpoint policy
Deleting an endpoint policy
Enabling/disabling an endpoint policy
Managing endpoint policy priority levels
Editing endpoint policy view
FortiClient management based on Active Directory user/user groups
CA Certificates
On-fabric Detection Rules
Source IP address anchoring for IPsec VPN
Chromebook Policy
Endpoint Profiles
Editing a default profile
Creating a new profile
Adding a new Chromebook profile
Managing profiles
Editing a profile
Cloning a profile
Syncing profile changes
Editing sync schedules
Exporting a profile
Importing a profile
Deleting profiles
Remote Access
SSL VPN
IPsec VPN
Configuring a profile with application-based split tunnel
Configuring a profile to allow or block endpoint from VPN tunnel connection based on the applied security posture tag
Configuring a backup VPN connection
Using a browser as an external user-agent for SAML authentication in an SSL VPN connection
Per-machine prelogon VPN connection without user interaction
Autoconnect on logging in as an Entra ID user
Load balancing IPsec VPN gateways with a single FQDN
Load balancing SSL VPN gateways with one FQDN
Certificate path configuration for automated certificate selection
Autoconnect to IPsec VPN using Entra ID logon session information
IPsec VPN SAML-based authentication
Windows Hello Business support for FortiGate SAML-based IPsec VPN
IPsec VPN support for traffic going through FortiADC
IPsec VPN over TCP
Dual IPsec VPN tunnel support
Troubleshooting IPsec VPN IKEv1
ZTNA Destinations
Wildcard support for ZTNA FQDN rules
FQDN-based ZTNA TCP forwarding services
ZTNA automatic login using Microsoft Entra ID
Web Filter
Importing a Web profile from FortiOS or FortiManager
Enabling and disabling Safe Search
Configuring banned word check in URL
Syncing remote categories from imported FortiOS or FortiManager Web Filter profile
Using Referrer Host on Windows, macOS, Linux, and Chromebooks
Video Filter
Vulnerability Scan
Malware Protection
Sandbox
Firewall
Define exceptions for Firewall Detect & Block Exploits feature
Data Protection
Configuring FortiData integration
FortiDeceptor Campaign
System Settings
Configuring identity compliance for endpoints
FortiPAM integration
Add FortiPAM agent to SSOMA
Configuring SSOMA with AD
Sending email events from the Microsoft Exchange server
XML Configuration
Creating a profile with XML
Importing a profile from an XML file
Configuring encrypted ZTNA rules
Security Posture Tags
Tags
Adding a security posture tag
Editing a security posture tag
Deleting a security posture tag
Importing and exporting a security posture tag
Security posture tagging rule types
Tag Monitor
FortiOS dynamic policies using EMS dynamic tags
Configuring FortiOS dynamic policies using EMS security posture tags
Fabric Device Monitor
Fabric & Connectors
Fabric Devices
Configuring EMS to share tagging information with multiple FortiGates
Configuring FortiGate per-VDOM connection
Creating connectors with OAuth 2.0 token-based authentication
Matched endpoints and resolved addresses
Troubleshooting
ZTNA Applications Catalog
FortiGuard Outbreak Alerts
Software Inventory
Applications
Hosts
Quarantine Management
Files
Viewing quarantined files
Allowlisting quarantined files
Configuring quarantine management
Allowlist
Viewing allowlisted files
Editing file descriptions
Deleting a file from the allowlist
Administration
Admin Users
Viewing users
Configuring user accounts
Activating a disabled account
Resetting the password for a local administrator
Using the PasswordRecovery tool
Admin roles
Adding an admin role
Cloning an admin role
Deleting admin roles
Admin role permissions reference
Authentication Servers
Adding an ADDS server
Adding an Entra ID server
Adding an API key
AD connector
Configuring Admin User Settings
SAML SSO
SAML SSO with FortiGate as IdP
SAML SSO with Okta as IdP
SAML SSO with Entra ID as IdP
SAML SSO with AD FS as IdP
SAML SSO with FortiAuthenticator as IdP
RADIUS
Log Viewer
Generate Diagnostic Logs
User Management
Authorized User Groups
Verified Users
Unverified Users
Local users
SAML Configuration
Invitations
Configuring user verification with an LDAP server for authentication
Configuring user verification with SAML authentication and an LDAP domain user account
Configuring user verification with Entra ID authentication
Configuring user verification with SAML authentication and an Entra ID server user account
Configuring user verification with SAML authentication and an Okta user account
Troubleshooting SAML user verification failure
System Settings
Configuring EMS settings
Generating a QR code for centrally managing FortiClient (Android) and (iOS) endpoints
Persistent connection
JWT support for ZTNA UID and tag sharing
Uploading custom certificate and private key for ZTNA
Uninstalling all endpoints
Configuring Logs settings
Sending EMS system log messages to FortiAnalyzer
Configuring FortiGuard Services settings
EMS Server Certificates
Adding an SSL certificate to FortiClient EMS
Alerts
Configuring EMS Alerts
Configuring Endpoint Alerts
Configuring SMTP Server settings
Viewing alerts
Custom Messages
Customizing the endpoint quarantine message
Customizing Web Filter messages
Invitation Email Template
Feature Select
MDM Integration
Deploying ZTNA certificates to FortiClient mobile via MDM
Multitenancy
Enabling and configuring multitenancy
Global and per-site configuration
Global configuration
Site level configuration
Left pane with multitenancy enabled
Editing a site
Adding a multitenancy administrator
Logging into EMS with multitenancy enabled
Fabric connection setup using FortiGate as a load balancer
Migrating to another EMS instance
FortiClient EMS API
Appendix A - FortiClient EMS services
Appendix B - FortiClient EMS VM password recovery
Hyper-V
KVM
Proxmox
VirtualBox
VMware ESXi
Change log
Home
FortiClient 7.4.5
EMS Administration Guide
7.4.5
7.4.5
7.4.4
7.4.3
7.4.1
7.4.0
7.2.13
7.2.12
7.2.10
7.2.9
7.2.8
7.2.7
7.2.6
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.13
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.9
6.4.8
6.4.7
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.9
6.2.8
6.2.7
6.2.6
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.8
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
Managing profiles
Managing profiles
You can manage profiles from the
Endpoint Profiles
pane.
Previous
Next
Managing profiles
Managing profiles
You can manage profiles from the
Endpoint Profiles
pane.
Previous
Next
Home
Products
Summary
Secure Networking
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
NOC Management
FortiManager
FortiManager Cloud
Managed Fortigate Service
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
More >>
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
NOC Management
FortiManager
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Lacework FortiCNAPP
Secure Endpoint Connectivity
FortiClient
FortiClient Cloud
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
More >>
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
FortiSIEM Cloud
FortiSOAR
SOC-as-a-Service (SOCaaS)
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiPAM
Early Detection & Prevention
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiRecon
More >>
Security Operations Automation
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiToken
FortiIdentity Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
By Solution
Secure Networking
Hybrid Mesh Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
NOC Management
FortiManager
FortiManager Cloud
Managed Fortigate Service
FortiAIOps
LAN
FortiSwitch
FortiAP/FortiWiFi
FortiAP-U Series
FortiEdge Cloud
FortiNAC-F
WAN
Secure SD-WAN
FortiExtender
Communication & Surveillance
FortiVoice
FortiVoice Cloud
FortiFone
FortiCamera
FortiRecorder
FortiCentral
Unified SASE
Single Vendor SASE
FortiSASE
Secure SD-WAN
Zero Trust Network Access (ZTNA)
FortiProxy
FortiMonitor
Secure Endpoint Connectivity
FortiClient
FortiClient Cloud
Cloud Network Security
FortiGate Public Cloud
FortiGate Private Cloud
FortiGate CNF
FortiFlex
Cloud-Native Security
Lacework FortiCNAPP
FortiDevSec
Web Application / API Protection
FortiWeb
FortiADC
FortiAppSec Cloud
FortiDAST
Security Operations
Security Operations Automation
FortiAnalyzer
FortiAnalyzer Cloud
FortiSIEM
FortiSIEM Cloud
FortiSOAR
Endpoint
FortiClient
FortiClient Cloud
FortiEDR/XDR
Data Protection
FortiDLP
FortiDLP Agent
FortiDLP Policies
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiToken
FortiIdentity Cloud
FortiPAM
Email
FortiMail
FortiPhish
Early Detection & Prevention
FortiSandbox
FortiSandbox Cloud
FortiNDR
FortiNDR Cloud
FortiDeceptor
FortiRecon
Expert Services
SOC-as-a-Service (SOCaaS)
By 4D Pillars
Secure SD-WAN
Edge Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
Overlay-as-a-Service
SD Branch
FortiSwitch
FortiAP/FortiWiFi
FortiExtender
FortiExtender Cloud
Application Delivery
FortiADC
FortiGSLB
Secure Access Service Edge(SASE)
Single Vendor SASE
FortiSASE
Secure Endpoint Connectivity
FortiClient
FortiClient Cloud
Secure Private Access
Secure SD-WAN
Zero Trust Network Access (ZTNA)
Thin Edge
FortiGate/FortiOS
FortiAP/FortiWiFi
FortiExtender
FortiExtender Cloud
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
ZTNA
Application Gateway
FortiGate/FortiOS
FortiProxy
FortiADC
FortiGSLB
Enterprise Asset Management
FortiClient EMS
Endpoint Agent
FortiClient
FortiClient Cloud
Agentless Security Posture
FortiNAC-F
FortiSIEM
FortiSIEM Cloud
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
LAN Edge
Wireless
FortiAP/FortiWiFi
FortiAP-U Series
FortiGate Cloud
Switching
FortiSwitch
FortiEdge Cloud
FortiNAC-F
Identity and Access Management
Identity
FortiAuthenticator
FortiAuthenticator Cloud
FortiIdentity Cloud
FortiToken
Privilege Acccess Management
FortiPAM
Next Generation Firewall
Next Generation Firewall
FortiGate/FortiOS
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate Public Cloud
FortiGate Private Cloud
Orchestration & management
FortiManager
FortiManager Cloud
FortiAnalyzer
FortiAnalyzer Cloud
Expert Services
SOC-as-a-Service (SOCaaS)
Managed Fortigate Service
Web Application Firewall
Web Application / API Protection
FortiWeb
FortiAppSec Cloud
By Cloud
Public Cloud
All
FortiADC Public Cloud
FortiAnalyzer Public Cloud
FortiAuthenticator Public Cloud
FortiDeceptor Public Cloud
FortiGate Public Cloud
FortiIsolator Public Cloud
FortiManager Public Cloud
FortiNDR Public Cloud
FortiPAM Public Cloud
FortiPortal Public Cloud
FortiProxy Public Cloud
FortiSandbox Public Cloud
FortiTester Public Cloud
FortiVoice Public Cloud
FortiWeb Manager Public Cloud
FortiWeb Public Cloud
Private Cloud
All
FortiADC Private Cloud
FortiAnalyzer BigData Private Cloud
FortiAnalyzer Private Cloud
FortiAuthenticator Private Cloud
FortiDeceptor Private Cloud
FortiGate Private Cloud
FortiManager Private Cloud
FortiNDR Private Cloud
FortiPAM Private Cloud
FortiProxy Private Cloud
FortiSandbox Private Cloud
FortiTester Private Cloud
FortiVoice Private Cloud
FortiWeb Manager Private Cloud
FortiWeb Private Cloud
FortiCloud
Account Management
FortiCloud Services
SAAS Management
FortiGate Cloud
FortiClient Cloud
FortiEdge Cloud
FortiExtender Cloud
FortiPresence Cloud
FortiIdentity Cloud
FortiAuthenticator Cloud
FortiZTP
FortiCamera Cloud
SAAS Application Security
FortiWeb Cloud
FortiGSLB
FortiCASB
FortiCNP
FortiInsight
FortiPhish
FortiGate CNF
Best Practices
4D Resources
Define, Design, Deploy, Demo
Define, design, deploy, demo
4D Pillars
Secure SD-WAN
Zero Trust Access
Wireless
Switching
Secure Access Service Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Solution Hubs
Curated Links by Solution
Curated Links by Solution
Cloud
FortiCloud
Public & Private Cloud
Popular Solutions
Secure SD-WAN
Zero Trust Network Access
Secure Access
Security Fabric
Tele-Working
Multi-Factor Authentication
FortiASIC
Operational Technology
MSSP
Next Generation Firewall
Hardware Guides
FortiAIOps
FortiAnalyzer
FortiAnalyzer Big-Data
FortiADC
FortiAP/FortiWiFi
FortiAP U-Series
FortiAuthenticator
FortiBranchSASE
FortiCache
FortiCamera
FortiCarrier
FortiController
FortiDDoS
FortiDDoS-F
FortiDeceptor
FortiExtender
FortiFone
FortiGate
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiHypervisor
FortiIsolator
FortiMail
FortiManager
FortiNAC
FortiNDR
FortiNDR Cloud
FortiProxy
FortiRecorder
FortiRPS
FortiSandbox
FortiSIEM
FortiSwitch
FortiTester
FortiToken
FortiVoice
FortiWAN
FortiWeb
FortiWLC
FortiWLM
Products A-Z
AV Engine
AWS Firewall Rules
AscenLink
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiADC Private Cloud
FortiADC Public Cloud
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAnalyzer Cloud
FortiAnalyzer Private Cloud
FortiAnalyzer Public Cloud
FortiAppSec Cloud
FortiAuthenticator
FortiAuthenticator Cloud
FortiAuthenticator Private Cloud
FortiAuthenticator Public Cloud
FortiBalancer
FortiBranchSASE
FortiBridge
FortiCASB
FortiCNAPP
FortiCNP
FortiCWP
FortiCache
FortiCamera
FortiCamera Cloud
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiClient Cloud
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiCore
FortiDAST
FortiDB
FortiDDoS
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiDNS
FortiData
FortiData Private Cloud
FortiDeceptor
FortiDeceptor DaaS
FortiDeceptor Private Cloud
FortiDeceptor Public Cloud
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate Private Cloud
FortiGate Public Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiInsight Cloud
FortiIsolator
FortiIsolator Public Cloud
FortiLAN Cloud
FortiMail Appliance and VM
FortiMail Cloud - Hosted
FortiMail Workspace Security
FortiManager
FortiManager Cloud
FortiManager Private Cloud
FortiManager Public Cloud
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR (on-premise) Private Cloud
FortiNDR (on-premise) Public Cloud
FortiNDR Cloud
FortiNDR Cloud Sensors
FortiPAM
FortiPAM Private Cloud
FortiPAM Public Cloud
FortiPhish
FortiPlanner
FortiPolicy
FortiPortal
FortiPortal Public Cloud
FortiPresence
FortiPresence VM
FortiProxy
FortiProxy Private Cloud
FortiProxy Public Cloud
FortiRPS
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSAT
FortiSIEM
FortiSIEM Cloud
FortiSOAR
FortiSOAR Cloud
FortiSRA
FortiSRA Private Cloud
FortiSRA Public Cloud
FortiSandbox
FortiSandbox PaaS
FortiSandbox Private Cloud
FortiSandbox Public Cloud
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTap
FortiTelemetry
FortiTester
FortiTester Private Cloud
FortiTester Public Cloud
FortiToken
FortiVoice
FortiVoice Cloud
FortiVoice Private Cloud
FortiVoice Public Cloud
FortiWAN
FortiWAN Controller
FortiWLM
FortiWeb
FortiWeb Manager Private Cloud
FortiWeb Manager Public Cloud
FortiWeb Private Cloud
FortiWeb Public Cloud
FortiZTP
IPS Engine
Managed FortiGate Service
Overlay-as-a-Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
AV Engine
AWS Firewall Rules
CTAP Cloud
Container FortiOS
FortiADC
FortiADC E Series
FortiADC Kubernetes Controller
FortiADC Manager
FortiAIOps
FortiAP / FortiWiFi
FortiAP-U Series
FortiAnalyzer
FortiAnalyzer BigData
FortiAppSec Cloud
FortiAuthenticator
FortiBranchSASE
FortiCASB
FortiCNAPP
FortiCWP
FortiCamera
FortiCare Elite
FortiCarrier
FortiCentral
FortiClient
FortiCloud Services
FortiController
FortiConverter Service
FortiConverter Tool
FortiDAST
FortiDDoS-F
FortiDLP
FortiDLP Agent
FortiDLP Policies
FortiData
FortiDeceptor
FortiDeceptor DaaS
FortiDevSec
FortiDevice
FortiEDR/XDR
FortiEdge Cloud
FortiEndpoint
FortiExplorer Go
FortiExtender
FortiFlex
FortiFone
FortiGate / FortiOS
FortiGate CNF
FortiGate Cloud
FortiGate-5000
FortiGate-6000
FortiGate-7000
FortiGate-as-a-Service
FortiGuest
FortiHypervisor
FortiIPAM
FortiIdentity Cloud
FortiInsight
FortiIsolator
FortiMail Appliance and VM
FortiMail Workspace Security
FortiManager
FortiMonitor
FortiNAC
FortiNAC-F
FortiNDR
FortiNDR Cloud
FortiPAM
FortiPhish
FortiPolicy
FortiPortal
FortiPresence
FortiProxy
FortiRecon
FortiRecorder
FortiSASE
FortiSASE-Sovereign
FortiSIEM
FortiSOAR
FortiSRA
FortiSandbox
FortiSwitch
FortiSwitch Manager
FortiSwitch-AX Chassis
FortiSwitchNMS
FortiTIP Cloud
FortiTelemetry
FortiTester
FortiToken
FortiVoice
FortiWeb
FortiZTP
IPS Engine
Managed FortiGate Service
SOCaaS
Security Awareness and Training
Wireless Controller
Ordering Guides
Download PDF
Table of Contents
Introduction
FortiClient EMS components
Documentation
Getting started
Getting started with managing Windows, macOS, and Linux endpoints
Initially deploying FortiClient software to endpoints
Pushing configuration information to FortiClient
Relationship between FortiClient EMS, FortiGate, and FortiClient
FortiClient in the Security Fabric
FortiClient with EMS
Quarantining an endpoint from FortiOS using EMS
Getting started with managing Chromebooks
Configuring FortiClient EMS for Chromebooks
Configuring the Google Admin console
Deploying a profile to Chromebooks
How FortiClient EMS and FortiClient work with Chromebooks
Installation preparation
System requirements
License types
FortiClient EMS
Free trial license
Windows, macOS, and Linux licenses
Chromebook licenses
Component applications
Required services and ports
Telemetry data usage requirements
Management capacity
Hardware configuration when EMS and Postgres run on same machine with no FortiGate connected
Hardware configuration when EMS and Postgres run on different machines with no FortiGate connected
Hardware configuration when there are FortiGates connected to the EMS
FortiClient Telemetry security features
Server readiness checklist for installation
Upgrading EMS
Upgrading from an earlier FortiClient EMS 7.4 version
Automatically upgrading EMS to latest patch release
Upgrading EMS in HA
Install preparation for managing Chromebooks
Installation and licensing
Downloading the installation file
Installing FortiClient EMS 7.4
Migrating EMS 7.2.10 or 7.2.12 to 7.4.5
Linux or VM
Docker
Kubernetes
Installation
Installing EMS in standalone mode with a local DB
Installing EMS with Postgres in Docker
Installing EMS with standalone remote DB without Docker
Deploying EMS with Docker Compose
Deploying EMS on Kubernetes
Deploying EMS as a VM image
Installation parameters
Starting FortiClient EMS and logging in
Configuring EMS after installation
Licensing FortiClient EMS
Licensing EMS by logging in to FortiCloud
Importing an EMS license via FortiFlex
Uploading a license file
License status
Help with licensing
Uninstalling FortiClient EMS
Installation and setup for managing Chromebooks
Google Admin Console setup
Logging into the Google Admin console
Adding the FortiClient Web Filter extension
Configuring the FortiClient Web Filter extension
Adding root certificates
Communication with the FortiClient Chromebook Web Filter extension
Communication with FortiAnalyzer for logging
Summary of where to add certificates
Uploading root certificates to the Google Admin console
Disabling access to Chrome developer tools
Disallowing incognito mode
Disabling guest mode
Blocking the Chrome task manager
Verifying the FortiClient Web Filter extension
Service account credentials
Configuring default service account credentials
Configuring unique service account credentials
Creating unique service account credentials
Delegating domain-wide authority to the service account
Adding service account credentials to EMS
Verifying ports and services
Automating EMS DB backups
GUI
Banner
Left pane
Content pane
Open Source Licensing Requirements
Dashboard
Viewing the Status
System Information widget
License Information widget
Status charts and widgets
Viewing the Vulnerability Scan dashboard
Viewing current vulnerabilities
Viewing the Endpoint Scan Status
Viewing the top 10 vulnerable endpoints with high risk vulnerabilities
Viewing top ten vulnerabilities on endpoints
Viewing the Performance dashboard
Viewing the Forensics Analysis dashboard
Viewing the PUA dashboard
Viewing Chromebook Status
Endpoint management
Windows, macOS, and Linux endpoints
Managing groups
Adding endpoints
Adding endpoints using an AD domain server
Adding endpoints using an Entra ID server
Connecting manually from FortiClient
Viewing endpoints
Viewing the Endpoints pane
Sending endpoints one-way message
Using the quick status bar
Viewing endpoint details
Filtering the list of endpoints
Using bookmarks to filter the list of endpoints
Viewing Sandbox event details
Sending endpoint classification tags to FortiAnalyzer
Exporting endpoint information
Managing endpoints
Running AV scans on endpoints
Running vulnerability scans on endpoints
Patching vulnerabilities on endpoints
Uploading FortiClient logs
Running the FortiClient diagnostic tool
Updating signatures
Downloading available FortiClient logs
Downloading available diagnostic results
Disconnecting and connecting endpoints
Quarantining an endpoint
Quarantining an endpoint from FortiOS using EMS
Excluding endpoints from management
Deleting endpoints
Requesting forensic analysis on an endpoint
All Events
Installing EMS with ES integration
Enabling ES integration after EMS install
EMS event-specific indexes
ES sizing
Required ES permissions
Index lifecycle
Group assignment rules
Group assignment rule types
Managing group assignment rule priority levels
Adding a group assignment rule
Enabling/disabling a group assignment rule
Deleting a group assignment rule
Google Domains
Adding a Google domain
Viewing domains
Viewing the Google Users pane
Viewing user details
Editing a domain
Deleting a domain
Deployment & Installers
Manage Deployment
Creating a deployment configuration
Managing deployment configuration priority levels
Enabling or disabling a deployment configuration
Deleting a deployment configuration
Deploying FortiClient upgrades from FortiClient EMS
Deploying different installer IDs to endpoints using the same deployment package
FortiClient Installer
Adding a FortiClient installer
Adding a FortiClient hotfix installer
Viewing deployment packages
Deleting a FortiClient deployment package
Endpoint Policy & Components
Manage Policies
Adding an endpoint policy
Editing an endpoint policy
Deleting an endpoint policy
Enabling/disabling an endpoint policy
Managing endpoint policy priority levels
Editing endpoint policy view
FortiClient management based on Active Directory user/user groups
CA Certificates
On-fabric Detection Rules
Source IP address anchoring for IPsec VPN
Chromebook Policy
Endpoint Profiles
Editing a default profile
Creating a new profile
Adding a new Chromebook profile
Managing profiles
Editing a profile
Cloning a profile
Syncing profile changes
Editing sync schedules
Exporting a profile
Importing a profile
Deleting profiles
Remote Access
SSL VPN
IPsec VPN
Configuring a profile with application-based split tunnel
Configuring a profile to allow or block endpoint from VPN tunnel connection based on the applied security posture tag
Configuring a backup VPN connection
Using a browser as an external user-agent for SAML authentication in an SSL VPN connection
Per-machine prelogon VPN connection without user interaction
Autoconnect on logging in as an Entra ID user
Load balancing IPsec VPN gateways with a single FQDN
Load balancing SSL VPN gateways with one FQDN
Certificate path configuration for automated certificate selection
Autoconnect to IPsec VPN using Entra ID logon session information
IPsec VPN SAML-based authentication
Windows Hello Business support for FortiGate SAML-based IPsec VPN
IPsec VPN support for traffic going through FortiADC
IPsec VPN over TCP
Dual IPsec VPN tunnel support
Troubleshooting IPsec VPN IKEv1
ZTNA Destinations
Wildcard support for ZTNA FQDN rules
FQDN-based ZTNA TCP forwarding services
ZTNA automatic login using Microsoft Entra ID
Web Filter
Importing a Web profile from FortiOS or FortiManager
Enabling and disabling Safe Search
Configuring banned word check in URL
Syncing remote categories from imported FortiOS or FortiManager Web Filter profile
Using Referrer Host on Windows, macOS, Linux, and Chromebooks
Video Filter
Vulnerability Scan
Malware Protection
Sandbox
Firewall
Define exceptions for Firewall Detect & Block Exploits feature
Data Protection
Configuring FortiData integration
FortiDeceptor Campaign
System Settings
Configuring identity compliance for endpoints
FortiPAM integration
Add FortiPAM agent to SSOMA
Configuring SSOMA with AD
Sending email events from the Microsoft Exchange server
XML Configuration
Creating a profile with XML
Importing a profile from an XML file
Configuring encrypted ZTNA rules
Security Posture Tags
Tags
Adding a security posture tag
Editing a security posture tag
Deleting a security posture tag
Importing and exporting a security posture tag
Security posture tagging rule types
Tag Monitor
FortiOS dynamic policies using EMS dynamic tags
Configuring FortiOS dynamic policies using EMS security posture tags
Fabric Device Monitor
Fabric & Connectors
Fabric Devices
Configuring EMS to share tagging information with multiple FortiGates
Configuring FortiGate per-VDOM connection
Creating connectors with OAuth 2.0 token-based authentication
Matched endpoints and resolved addresses
Troubleshooting
ZTNA Applications Catalog
FortiGuard Outbreak Alerts
Software Inventory
Applications
Hosts
Quarantine Management
Files
Viewing quarantined files
Allowlisting quarantined files
Configuring quarantine management
Allowlist
Viewing allowlisted files
Editing file descriptions
Deleting a file from the allowlist
Administration
Admin Users
Viewing users
Configuring user accounts
Activating a disabled account
Resetting the password for a local administrator
Using the PasswordRecovery tool
Admin roles
Adding an admin role
Cloning an admin role
Deleting admin roles
Admin role permissions reference
Authentication Servers
Adding an ADDS server
Adding an Entra ID server
Adding an API key
AD connector
Configuring Admin User Settings
SAML SSO
SAML SSO with FortiGate as IdP
SAML SSO with Okta as IdP
SAML SSO with Entra ID as IdP
SAML SSO with AD FS as IdP
SAML SSO with FortiAuthenticator as IdP
RADIUS
Log Viewer
Generate Diagnostic Logs
User Management
Authorized User Groups
Verified Users
Unverified Users
Local users
SAML Configuration
Invitations
Configuring user verification with an LDAP server for authentication
Configuring user verification with SAML authentication and an LDAP domain user account
Configuring user verification with Entra ID authentication
Configuring user verification with SAML authentication and an Entra ID server user account
Configuring user verification with SAML authentication and an Okta user account
Troubleshooting SAML user verification failure
System Settings
Configuring EMS settings
Generating a QR code for centrally managing FortiClient (Android) and (iOS) endpoints
Persistent connection
JWT support for ZTNA UID and tag sharing
Uploading custom certificate and private key for ZTNA
Uninstalling all endpoints
Configuring Logs settings
Sending EMS system log messages to FortiAnalyzer
Configuring FortiGuard Services settings
EMS Server Certificates
Adding an SSL certificate to FortiClient EMS
Alerts
Configuring EMS Alerts
Configuring Endpoint Alerts
Configuring SMTP Server settings
Viewing alerts
Custom Messages
Customizing the endpoint quarantine message
Customizing Web Filter messages
Invitation Email Template
Feature Select
MDM Integration
Deploying ZTNA certificates to FortiClient mobile via MDM
Multitenancy
Enabling and configuring multitenancy
Global and per-site configuration
Global configuration
Site level configuration
Left pane with multitenancy enabled
Editing a site
Adding a multitenancy administrator
Logging into EMS with multitenancy enabled
Fabric connection setup using FortiGate as a load balancer
Migrating to another EMS instance
FortiClient EMS API
Appendix A - FortiClient EMS services
Appendix B - FortiClient EMS VM password recovery
Hyper-V
KVM
Proxmox
VirtualBox
VMware ESXi
Change log
