Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Georges_Orwell
New Contributor

Update definitions from central point

Hello all, Is there a way to manage all the FortiClients 5.2.1 settings from the fortigate? I speak about pushing antivirus policy (scheduled san, scan type, retrieve update definition) and Web security settings ( site catégorie, exceptions ...) and VPN ssl settings? Thank you for your help Georges
5 REPLIES 5
Christopher_McMullan

Settings, yes. Definition updates, AFAIK, no. That would be a FortiManager still, even under OS 5.0 and 5.2. Enable Endpoint Control as a feature on the FortiGate, and look through the default options. If you want to define custom settings down to the level of the XML config for a client, run: config endpoint-control-profile edit profile_name config forticlient-winmac-settings set forticlient-advanced-cfg enable end end Reload the GUI...you should now have a section, in addition to all the rest, where you can paste in a custom configuration. See the XML reference guide for more details (this is for 5.2): http://docs.fortinet.com/uploaded/files/2076/forticlient-xml-52.pdf

Regards, Chris McMullan Fortinet Ottawa

Georges_Orwell
New Contributor

Hi Chris, Thank you for your help. At page 73/90 there is command to export local configuration of forticlient to the XML file. But when i try to import this xml to other client with same version of forticlient, there is no settings applied. My question is : is there a way to deploy by GPO an MSI on an EXE of forticlient with customized configuration. I already tryed MSI method with mst file but without result (config not applied) and fcconfig method by importing xml file (no result anyway)... Thank you for your help
Christopher_McMullan

Those are the two ways... Something is going wrong in each case, so I' d advise opening a TAC ticket to find out why. I successfully tested using the repackager tool last week for a case, and could use both the unlicensed trial version and the licensed copy (based on a discrete license for FortiClient seats) without any issues. I repackaged the client installer with my desired config, then used: msiexec.exe /i config.msi TRANSFORMS=config.mst The msiexec tool allowed me to approximate an automated domain installation.

Regards, Chris McMullan Fortinet Ottawa

Georges_Orwell
New Contributor

I tried but i don' t know how to open the ticket because it say me to enter a serial number. But in the contract there is no serial number for forticlient and when i put the s/n of Fortigate i can only access to ticket for Fortigate.
Christopher_McMullan

I see that limitation too when I create a ticket based on the devices I own. If I select my FortiGate(s), it locks the type to FortiGate; for FortiManager, it locks the type to FortiManager. I would open a ticket anyway under the FortiGate, either by submitting it electronically, or call the issue in, still quoting the FortiGate' s S/N.

Regards, Chris McMullan Fortinet Ottawa

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors