Fortinet white logo
Fortinet white logo

Installing the FortiNBI application

Installing the FortiNBI application

When a FortiProxy user with a matching policy that has the isolator profile attempts to access a website on a machine without the FortiNBI service running, the user will see the following prompt page with a download link to the FortiNBI installer.

To install the FortiNBI application:
  1. Click the FortiNBI installer link on the browser isolation replacement page to download the installer.

  2. Run the installer with an administrator account:

    1. Files are unpacked to the installation folder, by default C:\Program Files (x86)\Fortinet\FortiNBI.

    2. The FortiNBI GUI is registered as a task that runs automatically every time that a user logs on.

  3. FortiNBI starts automatically, followed by isolator and extension installations:

    1. FortiNBI checks if the system has Windows Subsystem for Linux (WSL) and Virtual Machine Platform enabled. If not, the installer will automatically enable and configure it.

    2. The isolator image is downloaded from the FortiProxy's HTTP portal, extracted to a temporary folder, imported to the system, and then the temporary files are removed.

    3. After the installation procedure finishes, restart the browser (if the browser is already open) for the FNBI extension to be installed. Reboot Windows when requested.

  4. When required, the client will receive an RDP pop-up window for isolation.

  5. To avoid certificate warnings, install the FortiProxy CA certificate in the browser on the machine with the Local Machine option selected.

    You can download the CA certificate in the following ways:

    • In the FortiProxy GUI, download the CA certificate from the Certificate list page under System > Certificates.

    • In the FortiProxy CLI, run the following command to download the CA certificate:

      exe vpn certificate <store> export tftp <CA name> <export format> <filename in tftp server> <tftp server address>

      where store is local for default CA certificate.

      For example, exe vpn certificate local export tftp FTNT_CA_SSL cer FTNT_CA 0.0.0.0

Installing the FortiNBI application

Installing the FortiNBI application

When a FortiProxy user with a matching policy that has the isolator profile attempts to access a website on a machine without the FortiNBI service running, the user will see the following prompt page with a download link to the FortiNBI installer.

To install the FortiNBI application:
  1. Click the FortiNBI installer link on the browser isolation replacement page to download the installer.

  2. Run the installer with an administrator account:

    1. Files are unpacked to the installation folder, by default C:\Program Files (x86)\Fortinet\FortiNBI.

    2. The FortiNBI GUI is registered as a task that runs automatically every time that a user logs on.

  3. FortiNBI starts automatically, followed by isolator and extension installations:

    1. FortiNBI checks if the system has Windows Subsystem for Linux (WSL) and Virtual Machine Platform enabled. If not, the installer will automatically enable and configure it.

    2. The isolator image is downloaded from the FortiProxy's HTTP portal, extracted to a temporary folder, imported to the system, and then the temporary files are removed.

    3. After the installation procedure finishes, restart the browser (if the browser is already open) for the FNBI extension to be installed. Reboot Windows when requested.

  4. When required, the client will receive an RDP pop-up window for isolation.

  5. To avoid certificate warnings, install the FortiProxy CA certificate in the browser on the machine with the Local Machine option selected.

    You can download the CA certificate in the following ways:

    • In the FortiProxy GUI, download the CA certificate from the Certificate list page under System > Certificates.

    • In the FortiProxy CLI, run the following command to download the CA certificate:

      exe vpn certificate <store> export tftp <CA name> <export format> <filename in tftp server> <tftp server address>

      where store is local for default CA certificate.

      For example, exe vpn certificate local export tftp FTNT_CA_SSL cer FTNT_CA 0.0.0.0