Any suggestions on where to look in the documentation for setup instructions on EMS client rollout via MSI.
I've used the FortiClientConfigurationTool but it doesn't allow for inserting the URI of the EMS server.
Tried exporting the EMS profile XML file and renaming it *.config, that that didn't make a difference.
Deploying EXE files is not an option, users don't have local admin rights. The EMS server is not on the same private IP scheme as the clients, so push is not an option. MSI is the best way in this case.
Deploying the MSI from the Fortinet downloads area only installs SSLVPN+IPSEC VPN, which is smart.
Deploying the MSI from the FortiClient Configuration Tool installs all components, but they can't seem to point to the EMS server.
I've located the EMS server in the registry, but am not sure this is a supported config method:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Fortinet\FortiClient\FA_ESNAC\FGPingServer (REG_SZ)
Any help or tips would be appreciated. I'll even take .exe deployment via command line options in case that turns out to be the only way.
In the meantime, I opened a ticket asking for access to the "FortiClientConfigurationTool_5.6.0.1075.zip" which is supposed to be in the downloads area but is not. I say supposed to be because it's listed in the "Readme_1st.txt" file.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I'm told the new FortiClient configurator will do it: http://docs.fortinet.com/d/forticlient-configurator-tool
But we need a Fortinet Developer account to access the program.
Created on 10-17-2017 07:23 AM
The new FortiClent configurator will do it.
EMS deployment directions:
1) log into EMS console. make a "Forticlient telemetry gateway IP list" (lower left corner)
2) once done with the telemetry IP list, you'll be given the option to export to XML (next to the save button)
3) on the first page of the FortiClient configurator wizard, two options are available to add XML files. Choose the lower one of the two and give it the XML file you just generated.
4) choose the options you want for deployment. We went full boat.
5) copy those MSI files to a sharepoint on your network which is accessible to workstations and users (very important). Cheating, I know, I used the \\domaincontroller\netlogon share and made a subfolder for "apps"
6) open the AD Group Policy program and make a new policy on the appropriate OU containing the workstations. The default "computer" OU cannot be used. You must move them to a new OU. That's a good thing, by the way.
7) edit the policy -> go to (top half) computer-> software -> software. Right click and choose NEW to add a new software package.
7a.) choose ADVANCED (not assigned)
7b.) locate the MSI for the x32 or x64 version of the client
7c.) BEFORE CLICKING OK, go to the modifications tab and click the "add" button
7d.) drill down to the MST file (transform) which was generated by the FortiClient configurator and is in the same folder as the MSI file
7e.) click ok. Now you can click ok to add the program to your group policy.
8) on a workstation, save all work, close all programs and run: gpupdate /force /boot
Hope that helps someone else.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1711 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.