Skip to main content
cfirpo_FTNT
Staff
cfirpo_FTNT
Staff
June 6, 2016

Technical Tip: How to partially modify FortiClient configuration via XML (Legacy, FortiOS 6.0 and older)

  • June 6, 2016
  • 0 replies
  • 2257 views

Description

 

This article explains how to push a partial configuration to FortiClient hosts using FortiClient Profiles on the FortiGate.


Scope

 

FortiOS v6.0 and earlier, FortiClient


Solution

 

Important: FortiClient Profiles are a legacy feature that were present up until FortiOS v6.0 and have since been deprecated in FortiOS v6.2 and later (see also: FortiClient Endpoint Telemetry license). The modern replacement for managing FortiClient endpoints is FortiClient EMS (see also: Introduction), though this article has been retained for historical purposes and continues below.

 

The FortiGate can be used to partially modify a FortiClient configuration by enabling the advanced FortiClient profile functionality. To enable this function, modify an existing FortiClient Profile in the CLI and enable forticlient-advanced-cfg:

 

config endpoint-control profile
    edit <profile_name>
        config forticlient-winmac-settings
            set forticlient-advanced-cfg enable
        end
   next
end

 

After the setting is enabled, navigate to Security Profiles -> FortiClient Profiles in the GUI and edit the modified profile. The advanced configuration dialog box will be displayed and provides an option to enter an XML configuration that can be pushed to managed FortiClients.

 

ADV_FCLIENT_CFG.PNG

 

The following is an example of the FortiClient XML configuration to be modified/applied. Notice that the partial configuration flag is enabled here:

 

<?xml version="1.0" encoding="UTF-8" ?>
<forticlient_configuration>
<partial_configuration>1</partial_configuration>
<system>
<ui>
<ads>0</ads>
<default_tab>VPN</default_tab>
<flashing_system_tray_icon>0</flashing_system_tray_icon>
<hide_system_tray_icon>0</hide_system_tray_icon>
<suppress_admin_prompt>0</suppress_admin_prompt>
<culture_code>os-default</culture_code>
</ui>
<update>
<use_custom_server>0</use_custom_server>
<port>80</port>
<timeout>60</timeout>
<failoverport>8000</failoverport>
<fail_over_to_fdn>1</fail_over_to_fdn>
<scheduled_update>
<enabled>0</enabled>
<type>interval</type>
<daily_at>03:00</daily_at>
<update_interval_in_hours>3</update_interval_in_hours>
</scheduled_update>
</update>
</system>
</forticlient_configuration>

 

Related document:

Configuring profiles

Terms & ConditionsAccessibility statement