Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Camshaft007
New Contributor

Created on ‎06-07-2014 12:58 PM

FCT-5.0.9 Custom installer

I' ve been trying to use the " FCT-Configurator Tool" (FCT-CFT for short) to build a custom installer for days now, but the FCT-CFT does not use my custom.config file when creating the FortiClient.MSI for Manual Distribution. Steps: 1. Launch FCT-CFT 2. Load License File 3. Load Custom.config file 4. Select " Everything" (I only need VPN and Application Firewall) and allow updates 5. FCT-CFT builds the .MSI' s However when I launch the FortiClient.MSI installer; NONE of the configuration parameters I' ve put in the Custom.config file have been enabled... Grr this makes me a sad Panda!

" The Linux philosophy is ' Laugh in the face of danger' . Oops. Wrong One. ' Do it yourself' . Yes, that' s it." - Linus Torvalds

" The Linux philosophy is ' Laugh in the face of danger' . Oops. Wrong One. ' Do it yourself' . Yes, that' s it." - Linus Torvalds
5702
0 Kudos
9 REPLIES 9
Chris_Lin_FTNT
Staff
Staff

Created on ‎06-09-2014 08:00 AM

Have you checked your custom.config before using it with FCT-CFT? E.g., restore it to a FortiClient and back again, to see if they are the same? Or you can share your custom.config, or send to forticlient-feedback@fortinet.com for Fortinet to take a look.
3389
0 Kudos
Camshaft007
New Contributor
In response to Chris_Lin_FTNT

Created on ‎06-10-2014 08:58 PM

Ahh.. yes I did that actually and probably should have mentioned that.. (Downloaded the FCT-CFT via my subscription creds.. v.5.0.9 zip package) 1. Installed Full FCT on my Test system 2. Configured FCT the way want it for end users (I could disable AV/Web but not the TABS) 3. Created Backup.config file to use as template for FCT-CFT 4. Uninstalled FCT fully with Revo-uninstaller which cleaned up the mess after FCT was removed. 5. Customized the .config file created via backup in step .3 6. Launched FCT-CFT used my license file, used my Backup.config file, chose " Everything" , " no updates" . 7. .MSI install file was created. 8. Launched said .MSI file, FCT (v5.0.9) installs with the VPN Configured , NO Application Firewall Tab , Tabs for A/V and Webfilter still visible ... So I guess this means... I' m making progress? LOL.. Just frustrated at this point, I might just force users to use the Tunnel Widget via the SSLVPN portal instead.

" The Linux philosophy is ' Laugh in the face of danger' . Oops. Wrong One. ' Do it yourself' . Yes, that' s it." - Linus Torvalds

" The Linux philosophy is ' Laugh in the face of danger' . Oops. Wrong One. ' Do it yourself' . Yes, that' s it." - Linus Torvalds
3388
0 Kudos
Chris_Lin_FTNT
Staff
Staff
In response to Camshaft007

Created on ‎06-12-2014 09:34 AM

What I meant was, after step 5, was that config tested (e.g. restore it on a FortiClient), to see if it provides what you wanted? Before FortiClient is registered to FortiGate, it' s not expected to show App FW (or have the App FW function).
3389
0 Kudos
stukat
New Contributor

Created on ‎06-11-2014 06:52 AM

I have the same issue. We got around it by adding a registry key so that the Forticlient automatically registers to the FortiGate. Then we used the advanced config option on our FortiGate to specify all the settings we required. FYI, bug in 5.0.9.347 prevents scripting when VPN is connected.
3389
0 Kudos
Camshaft007
New Contributor

Created on ‎06-11-2014 07:36 PM

Yea, my goal was to have a client that only had App.FW and VPN enabled from start, automatically(silently) register the client to the FGT, and disable the forticlient settings. I' m about 3/4 complete, but EVERY DAMN time you install the " Custom" Forticlient .MSI" the FortiClient updates it' s signatures and disables Windows Defender. I cannot have this happen with my remote/home users, else I will lose my mind!!

" The Linux philosophy is ' Laugh in the face of danger' . Oops. Wrong One. ' Do it yourself' . Yes, that' s it." - Linus Torvalds

" The Linux philosophy is ' Laugh in the face of danger' . Oops. Wrong One. ' Do it yourself' . Yes, that' s it." - Linus Torvalds
3389
0 Kudos
Chris_Lin_FTNT
Staff
Staff
In response to Camshaft007

Created on ‎06-12-2014 09:56 AM

I agree with stukat. Because your FortiClient will eventually register to a FortiGate and get the config, even if you want to create a custom installer MSI, you don' t need to config it in every detail.
3389
0 Kudos
Camshaft007
New Contributor
In response to Chris_Lin_FTNT

Created on ‎06-20-2014 10:19 PM

Obviously my email notifications are not working... I will go over your posts and reply back with my findings in the AM.. I had no idea this thread was active until I signed on tonight.

" The Linux philosophy is ' Laugh in the face of danger' . Oops. Wrong One. ' Do it yourself' . Yes, that' s it." - Linus Torvalds

" The Linux philosophy is ' Laugh in the face of danger' . Oops. Wrong One. ' Do it yourself' . Yes, that' s it." - Linus Torvalds
3389
0 Kudos
stukat
New Contributor

Created on ‎06-12-2014 06:08 AM

Don' t install a custom client. Install the base client. Then customize the script in the Fortigate itself using the advanced endpoint configuration. This way when it updates the config on the client you get exactly what you want. Finally got mine working. Last good release of the client (if you want to map drives) is 5.0.7.333 Part of my config...... FortiClient Configuration Deployment -------------------------------------------------------------------------------- Windows and Mac FortiClient configuration (XML format) entered below will be pushed to connecting clients. <?xml version=" 1.0" encoding=" UTF-8" ?> <forticlient_configuration> <forticlient_version>5.0.7.333</forticlient_version> <version>5.0</version> <date>2014/06/09</date> <partial_configuration>0</partial_configuration> <os_version>windows</os_version> <system> <ui> <ads>0</ads> <default_tab>VPN</default_tab> <flashing_system_tray_icon>1</flashing_system_tray_icon> <hide_system_tray_icon>0</hide_system_tray_icon> <suppress_admin_prompt>0</suppress_admin_prompt> <password /> <culture_code>os-default</culture_code> <gpu_rendering>0</gpu_rendering> </ui> <log_settings>
3389
0 Kudos
stukat
New Contributor

Created on ‎06-12-2014 06:24 AM

Forgot to mention that we needed to add a registry key prior to installing the client. This allows the silent registration. Key is [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Fortinet\FortiClient\FA_ESNAC] Manually register one client, export the key and then remove the user identifiable information. Take this revised key and install it on all clients. The FGPingServer & CustomFCCKPingServer are FQDN' s so that they can be reached internally and externally.
3389
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.