Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Jim_FH
New Contributor III

EMS installer for Forticlient 6.2.1 for Mac

I have EMS 6.2.2 running and I've created an on-net and off-net profile, which are virtually identical.

The profiles have VPN, Web Filter and Application Firewall enabled, but nothing else. 

 

I then created a 6.2.1 installer from the "Manage Installers" in EMS, and selected the endpoint profile during the process. (6.2.1 because 6.2.2 doesn't play well with Mac's newest Catalina OS).

 

However, i don't see expected results upon installing the client:

 

Initially, only the Fabric Telemetry and Remote Access features are visible (no sign of Web Filtering or App firewall).

 

Upon connecting the VPN (and registering with EMS), I see the Web Filter and Vulnerability Scan tabs get added (i don't have any profiles with Vulnerability Scan enabled, and no sign of the App Firewall).

 

Upon disconnecting from the VPN and manually disconnecting from EMS, the client reverts back to having only the Fabric Telemetry and Remote Access tabs.

 

Anyone else having similar unexpected results with EMS and the forticlient for Mac?  Ideally i'd have the Web Filter and App Firewall running when the client is both on and off net.

 

1 REPLY 1
Chris_C_FTNT
Staff
Staff

Before a FortiClient connects to EMS it is not Licensed.  You can verify by going to the Remote Access tab - it will show you a date when the FortiClient must be registered to EMS.  Until then, VPN is the only available feature.

 

Once connected to FortiClient it will register with EMS but will still be using the Default policy. 

 

Did you create an Endpoint policy?  This matches the profile to the workgroup/domain. 

 

Next step is to either manually move the FortClient to a Workgroup or Domain (go to All Endpoints, click on the client then choose Move to - then pick a Workgroup or Domain that is associated with the profile you want to use on the client).

 

The other option is to create a Group Assignment rule (Endpoints, Group Assignment Rule) then create a rule that will match the client.  Go ahead and either schedule or manually run the rule.

 

Go to Endpoints, All Endpoints then you will see the client is now in the workgroup/domain and it will also have the assigned Profile. 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors