FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
adriellousada
Article Id 395623
Description This article outlines how to import the default and custom categories from FortiGate to FortiClient EMS.
Scope FortiClient EMS and FortiGate.
Solution

FortiGate requirements:

 

Important:

HTTPS access must be permitted by FortiGate to effectively import Web Filter profiles from FortiOS to FortiClient EMS.

 

In FortiGate:

  1. Go to Network -> Interfaces.

  2. Select the desired port.

  3. Under Administrative Access, check the HTTPS option.

 

check-https.png

 

If the admin account that will be used for the import is configured with a trusted host, add the IP from where the connection attempt will originate. If using EMS Cloud, add the Cloud IP: FortiClient Cloud Portal > -About.

 

TrustedHost.png

 

Related document:

Allowlisting the FortiClient Cloud IP addresses   

 

Importing Web Filter Profile:

 
Steps to Import a Web Filter Profile from FortiGate to EMS:
  1. On FortiGate, navigate to Security Profiles -> Web Filter.
  2. On EMS, go to Endpoint Profiles -> Web Filter -> Import -> From FortiGate/FortiManager.

 

ems-web-filter.png

 

In the screen that appears, fill out the following fields:
 

ems-fgt.png

 

The FortiGate's configured Web Filter profiles will be listed.

 

web-filter-list.png


Select the profiles that will be imported into FortiClient EMS and select Next.
 

 

Select the Synchronization Mode and select Import:

 

import-web-filter-fgt.png

 

The chosen profiles will be imported by EMS and shown in a group called FortiGate named after the source under Endpoint Profiles -> Manage Profiles.

 

Checking custom category import.

 

Additionally, custom categories are imported. The URLs added to each custom category, however, will be displayed in the exclusion list with the same configured action rather than in the category list. This is demonstrated in the following example:

 

  • Category created in FortiGate:

 

web-filter-custom-action.png


custom-category.png
custom-url.png

 

  • Example of the same category after being imported into EMS:


ems-exclusion-list.png

 

Note that the same URL was imported with the deny action, as originally configured in the FortiGate.