I'm just making my first steps with the FortiClient EMS. I have already installed some clients on domain PCs and would now like to update them.
1. I can assign a deployment package only to a OU. But I don't want to supply all PCs in this OU with the forticlient. I only want to update not to install.
2. If I don't use the AD connection, but "only" groups, then I can deploy to the group only, but I can no longer distribute the client policy dynamically per user group.
Background: There are about 1000 PCs in different OUs and the FortiClient should only be used for SSLVPN on 50 PCs, which is why I don't want to distribute the installation to all PCs.
Is there a best practice how to do it?
How can i keep the installed clients up to date?
Go to Solution.
1. Create a custom group under your desired OU
2. Map the same endpoint policy to the new custom group (so that endpoints in the new custom group get the same profile)
3. Move your desired PC to upgrade FCT to the new custom group
4. Create a FCT upgrade deployment package to the new custom group
5. The upgrade process will happen for PCs that are in new custom group only
6. After upgrade is completed, you may move back your desired PC back to their original OU group.
This may be a suitable solution if you have imported 1000+ AD domain joined endpoints, but only need to manage 50+ endpoints.
View solution in original post
thank you very much. This is exacly what i'm looking for.
Most welcome Sebastian.Consider mark it as "solution" if it worked for you, so everyone can refer to it if have similar query.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.