Description
This article describes how to configure the ideal FortiClient Deployment Policy based on different use cases.
Scope
FortiClient EMS v7.0, v7.2, and v7.4.
Solution
The following will be the annotation for the setting parameters:
[ ] Start at a Scheduled Time
[ ] Unattended Installation
[ ] Reboot When Needed
[ ] Reboot When No Users Are Logged In
[ ] Notify Users and Let Them Decide When to Reboot When Users are Logged In
Use cases are shown below, starting from a more user-oriented method to the most forceful installation method.
Use case 1: Allow end users to schedule their desired time to reboot and install FortiClient:
[✓] Start at a Scheduled Time
[ ] Unattended Installation
[✓] Reboot When Needed
[ ] Reboot When No Users Are Logged In
[✓] Notify Users and Let Them Decide When to Reboot When Users are Logged In
Behavior: End users will get below pop-up notification to select their time to install FortiClient:
Note:
If the end users shut down the computer before the selected time, on the next machine bootup, FortiClient will immediately start the installation process.
Use case 2: Notify the end user about the FortiClient upgrade, but do not allow end users to select the time to reboot to install FortiClient.
[ ] Start at a Scheduled Time
[ ] Unattended Installation
[✓] Reboot When Needed
[ ] Reboot When No Users Are Logged In
[✓] Notify Users and Let Them Decide When to Reboot When Users are Logged In
Behavior in FortiClient version 7.0.11 and below: The pop-up will look like the one below, and the FortiClient installation can be paused indefinitely until the end-user reboots the machine.
Behavior in FortiClient version 7.2.5 and earlier: The end users will receive the pop-up notification shown below, which can only be postponed for a maximum of 15 minutes for the reboot.
FortiClient v7.2.6+ and v7.4.0+ behavior: End users will receive an upgrade scheduled within 20 minutes by default. End users can defer it, but the upgrade cannot be postponed to the next day.
Note: The machine will reboot immediately after the installation is completed, and there is no further pop-up warning to the end user.
Use case 3: Forcefully upgrade FortiClient, without giving end users any warning/pop-up notifications
This is usually used for machines that are online but unattended, or when a FortiClient upgrade is urgent and cannot be delayed further.
[ ] Start at a Scheduled Time
[✓] Unattended Installation
[ ] Reboot When Needed
[ ] Reboot When No Users Are Logged In
[ ] Notify Users and Let Them Decide When to Reboot When Users are Logged In
Behavior: There will be no warning/pop-up notifications. Once the FortiClient installer is downloaded from EMS, the installation starts immediately, and the machine will be rebooted automatically.
Further explanations for the following parameters:
[✓] Reboot When No Users Are Logged In
[✓] Notify Users and Let Them Decide When to Reboot When Users are Logged In
When 'Notify Users and Let Them Decide When to Reboot When Users are Logged In' is enabled, 'Reboot When No Users Are Logged In' will have no effect. This means that the installation will behave as it would in Use Case 2.
