Professional Documents
Culture Documents
FortiClient EMS 6.2 Lab Guide-Online
FortiClient EMS 6.2 Lab Guide-Online
© FORTINET
Fortinet Document Library
http://docs.fortinet.com
Fortinet Knowledge Base
http://kb.fortinet.com
Fortinet Forums
https://forum.fortinet.com
Fortinet Support
https://support.fortinet.com
FortiGuard Labs
http://www.fortiguard.com
Feedback
Email: courseware@fortinet.com
12/17/2019
DO NOT REPRINT
© FORTINET
TABLE OF CONTENTS
© FORTINET
Virtual Lab Basics
In this course, you will use a virtual lab for hands-on exercises. This section explains how to connect to the lab
and its virtual machines. It also shows the topology of the virtual machines in the lab.
If your trainer asks you to use a different lab, such as devices physically located in your
classroom, then ignore this section. This section applies only to the virtual lab
accessed through the Internet. If you do not know which lab to use, please ask your
trainer.
Network Topology
Lab Environment
Fortinet's virtual lab for hands-on exercises is hosted on remote data centers that allow each student to have their
own training lab environment or point of deliveries (PoD).
© FORTINET
Before starting any course, check if your computer can connect to the remote data center successfully. The
remote access test fully verifies if your network connection and your web browser can support a reliable
connection to the virtual lab.
You do not have to be logged in to the lab portal in order to run the remote access test.
If your computer connects successfully to the virtual lab, you will see the message All tests passed!:
© FORTINET
Logging In
After you run the remote access test to confirm that your system can run the labs successfully, you can proceed to
log in.
You will receive an email from your trainer with an invitation to auto-enroll in the class. The email will contain a
link and a passphrase.
© FORTINET
Your system dashboard appears, listing the virtual machines (VMs) in your lab topology.
l From the box of the VM you want to open, click View VM.
When you open a VM, your browser uses HTML5 to connect to it. Depending on the VM you select, the web
browser provides access to either the GUI of a Windows or Linux VM, or the CLI-based console access of a
Fortinet VM.
© FORTINET
For most lab exercises, you will connect to a jumpbox VM, that could be either a Windows or a Linux VM.
From the jumpbox VM, you will connect over HTTPS and SSH to all other Fortinet VMs in the lab
environment.
If your computer’s connection to the VM times out or closes, to regain access, return to the window or tab that
contains the list of VMs for your session, and reopen the VM.
Screen Resolution
To configure screen resolution in the HTML5 client, use the Resolution drop-down list on the left. You can also
change the color depth:
© FORTINET
You can use the Virtual Keyboard panel to either send the Ctrl-Alt-Del combination, or the Windows key:
From the Virtual Keyboard panel, you can also copy text to the guest VM's clipboard:
© FORTINET
Student Tools
There are three icons on the left for messaging the instructor, chatting with the class, and requesting assistance:
Troubleshooting Tips
l Do not connect to the virtual lab environment through Wi-Fi, 3G, VPN tunnels, or other low-bandwidth or high-
latency connections.
l Prepare your computer's settings by disabling screen savers and changing the power saving scheme so that your
computer is always on, and does not go to sleep or hibernate.
l For best performance, use a stable broadband connection, such as a LAN.
© FORTINET
l You can run a remote access test from within your lab dashboard. It will measure your bandwidth, latency and
general performance:
l If the connection to any VM or the virtual lab portal closes unexpectedly, try to reconnect. If you can't reconnect,
notify the instructor.
l If you can't connect to a VM, on the dashboard, open the VM action menu, and select Reset:
l If that does not solve the access problem, you can try to revert the VM back to its initial state. Open the VM action
menu, and select Revert:
Reverting to the VM's initial state will undo all of your work. Try other solutions first.
© FORTINET
l During the labs, if the VM is waiting for a response from the authentication server, a license message similar to the
following example appears:
In this lab, you will examine FortiClient manual installation and explore security features.
Objectives
l Install FortiClient on a Windows host
l Test the FortiGuard category-based option for web filtering
l Test real-time protection scanning
l Run an on-demand vulnerability scan
Time to Complete
Estimated: 25 minutes
Prerequisites
Before beginning this lab, you must make sure that the installer file from the EMS deployment package is
available on the desktop of the FortiClient-Laptop VM, in the Resources folder.
In 6.2.0, FortiClient must be used with FortiClient EMS. FortiClient must connect to
EMS to activate its license and become provisioned by the endpoint profile that the
administrator configured in EMS. For this exercise, we have provided a deployment
package file from EMS. You cannot use any FortiClient features until FortiClient is
connected to EMS and licensed.
After installation, FortiClient will be managed by EMS, and all security profiles have
been configured to perform lab tasks.
In this section, you will install FortiClient using an installer file from EMS.
3. Accept the license agreement, and then click Next to start the installation.
© FORTINET
4. By default, the FortiClient files will install in the C:\Program Files\Fortinet\FortiClient\ folder.
5. Click Next to continue.
6. Click Install.
© FORTINET
© FORTINET
7. Click Finish after the FortiClient installation is complete.
Next, FortiClient downloads all the signature databases to get up-to-date. It may take some time before the
download completes and FortiClient is available to configure other options. However, you can continue with
the lab steps as the download process runs in the background.
8. On the FortiClient-Laptop VM, in the system tray, right-click the FortiClient icon.
9. In the list on the top, click Open FortiClient Console to open the FortiClient GUI.
Allow some time to get all the FortiClient configuration from EMS.
In this exercise, you will examine the FortiClient web filter based on FortiGuard categories, by making sure that
FortiClient can contact the FortiGuard servers.
Then, you will review a category-based web filter security profile on FortiClient, and inspect the HTTP traffic.
Finally, you will test different actions taken by FortiClient, according to website categories.
You will verify connectivity to FortiGuard distribution servers (FDS) from the FortiClient host machine.
In order to understand web filter categories, you must first identify how specific websites are categorized by the
FortiGuard service.
© FORTINET
2. Use the Web Filter Lookup tool to search for the following URL:
http://www.youtube.com
3. Use the Web Filter Lookup tool again to find the web filter category for the following websites:
© FORTINET
l http://www.viber.com/
l http://www.ask.com/
l http://www.bing.com/
© FORTINET
You will test your web filter using these websites as well.
The following table shows the category assigned to each URL, as well as the action configured on FortiClient
to take based on your web filter settings:
You will review the web filtering profile and configuration of the FortiGuard category-based filter.
© FORTINET
4. On the Web Filter tab, on the upper-right corner, click the settings icon .
5. Review the configured actions for each category:
Category Action
Adult/Mature Content Allow: Sports Hunting and War Games, Sex Education, Lingerie
and Swimsuit
Block: all other sub-categories
Unrated Allow
© FORTINET
7. Verify that Streaming Media and Download is set to Block, and Internet Telephony is set to Warn.
For the purposes of this lab, you will test the web filter security profile configured for each category.
© FORTINET
In this procedure, you will verify that the URL www.mp3.com is included in the exclusion list.
2. On the Web Filter tab, on the upper-right corner, click the settings icon .
© FORTINET
Test the Web Exclusion List
You will test the web exclusion list you reviewed in the previous procedure.
In this exercise, you will use antivirus to understand how FortiClient performs real-time protection. You will also
learn how a vulnerability scan helps detect and patch application vulnerabilities that can be exploited by known
and unknown threats.
2. You can also click the settings icon , and verify that the Scan files as they are downloaded or copied to
my system checkbox is selected.
© FORTINET
Test the Antivirus Real-Time Configuration
You will download the EICAR test file to your FortiClient-Laptop VM. The EICAR test file is an industry-standard
virus used to test antivirus detection without causing damage. The file contains the following characters:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
http://eicar.org
2. On the EICAR website, on the upper-right corner of the page, click DOWNLOAD ANTI MALWARE TESTFILE.
3. On the left side of the page, click the Download link.
4. In the Download area using the standard protocol https section, download the sample file named eicar_
com.zip.
FortiClient should quarantine the download attempt and insert a replacement message similar to the
following example:
© FORTINET
FortiClient shows the HTTP/HTTPS virus message when it blocks or quarantines infected files.
© FORTINET
Stop and think!
Because the file is quarantined, an EMS administrator must whitelist it and restore it to view the content.
3. After the scan is finished, you will see the scan results under Vulnerabilities Detected.
4. To review the vulnerability details, click Critical, and then expand the third-party app.
In this case, FortiClient cannot automatically install the software patch because the recommended action is
Manual Install. You can manually download and install the latest version of vulnerable software to fix the
vulnerability.
In this exercise, you will modify the FortiClient XML file. For this exercise, you must install a free version of
FortiClient VPN software.
You will install a FortiClient VPN only software to use specifically for this exercise.
© FORTINET
© FORTINET
You will download the FortiClient XML backup file so you can understand the format and make changes.
© FORTINET
Now, you will open the XML file in Notepad++ to review and modify it by applying the VPN settings from another
XML file. Make sure you follow the XML design considerations discussed in the lesson, otherwise the
configuration file will be invalid.
After making the changes, the XML configuration will appear as follows:
You must override or change the connection close syntax from <connections/> to
</connections> in the FortiClient-backup.conf file. Otherwise you will receive an
invalid file error when you try to restore the configuration on FortiClient. There should
be an opening <connections> and a closing section with </connections>.
© FORTINET
Upload the Modified XML File and Review the Changes to Remote Access
You will restore the modified XML file on FortiClient and review the VPN feature. You'll see that there is a VPN
connection configured on FortiClient.
© FORTINET
To upload the modified XML file and review the changes to remote access
1. Continuing on the AD Server VM, on the FortiClient GUI, in the pane on the left side of the window, click Unlock
Settings > Settings.
2. Unlock system settings and then in the System section, click Restore.
3. Click Desktop > Resources, and then select the file FortiClient-backup.conf to restore the new settings
to FortiClient.
If the file is restored successfully, a message window will open. Otherwise, you will see the error "Failed to
process the file".
If you see a "Failed to process the file" error, check if the XML file is missing or has an
incorrect XML hierarchy or syntax.
4. After the file is restored, FortiClient will inform you with a message. Click OK to proceed.
5. Click the Home icon.
© FORTINET
© FORTINET
On the GUI, you can make and save further changes to the VPN settings.
8. Click the Windows icon, and open Control Panel > Uninstall a Program.
9. Find the FortiClient application in the installed programs list, and click it to select the application.
10. Click Uninstall to remove FortiClient application.
11. Once FortiClient is uninstalled, reboot the AD Server to complete the removal process.
We will be using the AD Server to deploy another version of FortiClient later in the
labs, therefore, it is important for you to remove the current FortiClient version.
Objectives
l Access the FortiClient EMS GUI
l Explore the dashboard and view system information
l Create an administrator
l Configure system settings
l Create an endpoint group
l Run a vulnerability scan on an endpoint
Time to Complete
Estimated: 40 minutes
Prerequisites
Before beginning this lab, you must make sure that FortiClient EMS is installed on the AD Server.
In this exercise, you will access the FortiClient EMS GUI, and create a new administrator account.
You will access the FortiClient EMS GUI, by either launching the application or using a web browser.
© FORTINET
3. To log in to the FortiClient EMS GUI, type the username admin and password Password123.
4. To confirm the FortiClient EMS serial number, click Dashboard > FortiClient Status.
5. In the System Information widget, the Serial Number field shows the serial number. Write this down.
You can also access the FortiClient EMS web GUI using the server hostname
https://<server_name>.
Tip: You can get the <server_name> by running ipconfig /all on the server.
Your Host Name appears under the Windows IP Configuration. If you
cannot access the FortiClient EMS remotely, make sure that you can ping <server_
name>, by adding it to the DNS entry or the Windows host file.
6. Navigate to Profile Components, and you will see Manage CA Certificates. Here, you can upload and
manage certificates that can be used for EMS HTTPS access.
To log in to FortiClient EMS, you need a user administrator account. You will create both a super administrator
and a limited access account.
© FORTINET
4. In the Add user window, in the User source section, select Choose from LDAP or Windows users, and
click Next.
Field Value
User EMSadmin
7. Click on the admin icon on the right side of the EMS GUI, and select Sign out.
© FORTINET
8. Log back in with the username EMSadmin and the password password.
Under Profile Components, you will see View CA Certificates instead of Manage CA Certificates.
In this exercise, you will configure the following FortiClient EMS system settings:
l Server settings
l Log settings
l Login banner settings
In Server settings, you can configure settings, such as hostname, FQDN, and remote access. You will configure
FQDN to access the FortiClient EMS server, using configured FQDN.
4. To allow remote access using FQDN, select the Remote HTTPS access checkbox, and type * in the Custom
hostname field.
5. To apply the changes, click Save.
6. To access the FortiClient EMS server, on the FortiClient-Laptop, open Firefox, type the URL
https://myemsserver.com, and then accept the self-signed certificate.
In the Logs settings, you can configure the log level, and the number of days that you want to keep logs, events,
and alerts, before they are cleared. You will change the Log level setting.
© FORTINET
To configure log settings
1. On the FortiClient EMS GUI, click System Settings > Logs.
2. In the Log level drop-down list, select Debug.
In Login Banner settings, you will configure a disclaimer message that appears before a user logs in to
FortiClient EMS.
© FORTINET
5. Open the FortiClient EMS GUI again.
A Disclaimer appears.
In this exercise, you will create an endpoint group, group assignment rule, and run antivirus and vulnerability
scans on endpoints. Endpoint management enables FortiClient EMS to perform various actions and run scans.
You will create individual groups for Windows workgroup endpoints on FortiClient EMS.
© FORTINET
FortiClient EMS can use group assignment rules to automatically place endpoints into custom groups, based on
the installer ID, IP address, OS, or AD group of the endpoints. You will create a group assignment rule based on
OS.
Field Value
Type OS
OS Windows
5. To add Windows endpoints to the new group, on the pane on the right, click Run Rules Now.
© FORTINET
Run Antivirus and Vulnerability Scans on a Registered Endpoint
FortiClient EMS endpoint management can run scans on managed clients. Before you can run a scan, you must
change the endpoint policy on FortiClient EMS.
To modify the endpoint policy and assign the default endpoint profile
1. On the FortiClient EMS GUI, click Endpoint Policy, and then select Student.
2. On the pane on the right, in the Endpoint profile field, select Default in the drop-down list.
3. To apply the changes, click Save.
4. On the FortiClient-Laptop VM, in the system tray, right-click the FortiClient icon.
After applying the changes, wait until the FortiClient configuration update is received from FortiClient EMS.
You will notice that the MALWARE PROTECTION tab is removed from FortiClient.
© FORTINET
Stop and think!
Why did the MALWARE PROTECTION tab disappear after you assigned the Default endpoint profile?
The Default endpoint profile doesn't have the malware protection feature enabled by default. To enable
AV, click the AntiVirus Protection button.
2. Beside the registered client, select the checkbox to highlight the registered client.
The following options will appear: Scan, Patch, Move to, and Action.
© FORTINET
The scan will start, and it will finish after the endpoint re-syncs or sends the next keepalive packet.
© FORTINET
Vulnerability information will appear on the dashboard or client details page, similar to the following example:
In this exercise, you will enable the Security Fabric to trigger automatic quarantine, based on indicators of
compromise (IOC) on FortiAnalyzer.
To identify compromised hosts, FortiClient must send logs to FortiAnalyzer. You will verify the FortiClient log
settings.
© FORTINET
If you are using a web browser to access FortiClient EMS, you must enable Advanced
view settings.
You will configure the Security Fabric and enable telemetry on the FortiGate internal interface.
To configure the Security Fabric and enable telemetry on the root FortiGate
1. On the FortiClient-Laptop VM, open Firefox, type the FortiGate IP address 10.0.1.254, and log in with the
username admin and password password.
2. On the FortiGate GUI, click Security Fabric > Settings.
3. Enable FortiGate Telemetry.
4. In the Security Fabric role field, click Serve as Fabric Root.
5. In the Fabric name field, type Fabric.
6. Leave Management IP/FQDN and Management Port at their default values.
7. In the Allow other FortiGates to join field, click the + sign, and add LAN (port3).
8. In the FortiAnalyzer Logging section, in the IP address field, type 10.0.1.250, and click Test
Connectivity. You will see the following message:
© FORTINET
9. To authorize FortiGate on the FortiAnalyzer, open Firefox, type https://10.0.1.250, and log in with the
username admin and password password.
10. On Device Manager, select the serial number of the FortiGate, and click Authorize.
Once FortiGate is authorized on FortiAnalyzer, the FortiGate GUI will look similar to the following example:
11. Continuing on the FortiGate GUI, click Security Fabric > Settings, and in the FortiClient Endpoint
Management System (EMS) section, type the following settings:
Field Value
Name EMSServer
Password Password123
© FORTINET
To enable Security Fabric automation and create a new stitch
1. Continuing on the FortiGate GUI, go to Security Fabric > Automation, and click Create New.
2. In the Name field, type Endpoint-Compromised. Leave the Status and FortiGate fields at their default
values.
3. In the Trigger section, click Compromised Host, and in the Threat level threshold field, click Medium.
4. In the Action section, click Quarantine FortiClient via EMS, and leave the Minimum interval at the default
value.
5. Click OK to save the settings.
Field Value
Name IOC_Policy
Source FortiClient-Laptop
Destination all
© FORTINET
Field Value
Schedule always
Service ALL
Action ACCEPT
NAT <enable>
3. Click OK.
4. Drag and drop the IOC_Policy policy above the Full_Access policy.
© FORTINET
© FORTINET
6. Continuing on the FortiClient-Laptop VM, log in to the FortiGate GUI. Click FortiView > Compromised Hosts.
8. To view logs, click Log & Report > Events > System Events.
Since FortiClient is now quarantined, you will not be able to access FortiClient-Laptop using RDP.
9. Click the FortiClient-Laptop VM tab, and select CON under Remote Access Controls.
10. Click the icon to send a Ctrl+Alt+Delete key combination to Windows, so you can enter a password.
© FORTINET
11. Enter the password password to log in to Windows using the console connection.
12. FortiClient will show the quarantine screen. FortiClient is blocking all communication, except to the EMS.
13. On the FortiClient-Laptop VM, ping EMS and FortiGate, browse the Internet, and resolve the domain name
www.google.com. The endpoint is blocked at the client network device level.
To remove the client from the compromised hosts list, go to the FortiAnalyzer GUI,
and click SOC > Fortiview. To clear the host, click Threats > Compromised Hosts,
click ACK to acknowledge the host, and then write some text. This will also clear the
host from FortiGate.
14. On the AD Server, log in to the FortiClient EMS GUI, and select Endpoints > All Endpoints.
15. In the right pane, select FortiClient-Laptop, and then click Action, and Unquarantine to allow Internet
access to the endpoint.
© FORTINET
16. Go back to the FortiClient-Laptop, and change the Remote Access Control type to RDP.
You will now be connected to the FortiClient-Laptop over RDP.
In this lab, you will learn about the deployment and provisioning of FortiClient on endpoints, using FortiClient
EMS.
Objectives
l Create and manage a deployment package
l Create a gateway list
l Add endpoints to FortiClient EMS from Windows AD
l Create an endpoint profile
l Configure a VPN tunnel
l Assign a new endpoint profile to an AD domain or workgroup endpoints
l Create and test a compliance verification rule
Time to Complete
Estimated: 45 minutes
Prerequisites
Before beginning this lab, you must make sure that the Windows server is configured as an AD domain controller.
You must also enable FortiTelemetry on FortiGate interface port 3.
In this exercise, you will create a deployment package and gateway list for endpoint profile deployment.
© FORTINET
6. In the Advanced tab, select Enable desktop shortcut, and keep the default values for the other settings. Click
Next.
7. In the Telemetry tab, notice that it shows that FortiClient will be managed by <EMS hostname and FQDN
address>.
8. To add the deployment package to FortiClient EMS, click Finish.
The installer appears on the Manage Installer > Deployment Packages pane.
© FORTINET
FortiClient EMS automatically connects to the FortiGuard Distribution Network (FDN)
to provide access to the FortiClient installers, which you can use with FortiClient EMS
deployment packages. If a connection to FDN is not available, or you want a custom
installer, you must manually download a FortiClient installer and upload it to add it to
FortiClient EMS.
You will create a gateway list to define the IP address of the FortiGate device that you want FortiClient to connect
to for sending FortiClient telemetry.
Field Value
In this exercise, you will add endpoints to FortiClient EMS by importing endpoints from the Windows AD server.
Endpoints are also added when endpoint users manually connect FortiClient Telemetry to FortiClient EMS.
You can manually import endpoints from an AD server. You can import and synchronize information about
computer accounts with an LDAP or LDAPS service. You can add endpoints by identifying the endpoints that are
part of an AD domain server.
Field Value
Username ADadmin
Password password
© FORTINET
You can add the entire domain or an organizational unit (OU) from the domain. After
you import endpoints from an AD server, you can edit the endpoints. These changes
are not synchronized back to the AD server.
In this exercise, you will create an endpoint profile and assign the profile to endpoints for FortiClient software
deployment. You will also configure a security profile and provision a VPN.
To push the configuration to FortiClient endpoints, you must create an endpoint profile. The endpoint profile has
profile references that enable and disable FortiClient features and deployment.
You must add a FortiClient installer to the FortiClient EMS before you can select an endpoint profile. You will
select the installer that you created in exercise 1.
© FORTINET
4. On the Schedule tab, specify the installation start time, which should be five minutes from the current time.
5. Continuing on the Schedule tab, disable Reboot when no users are logged in, and keep the default values
for all other settings.
6. On the Credentials tab, in the Username field, type Administrator, and in the Password field, type
password.
7. Click Save.
You can enable and disable security features, such as web filter, antivirus, and application firewall in endpoint
profiles.
© FORTINET
5. Click Save.
You will provision the VPN settings. The VPN profile will be applied to FortiClient when the profile installs on the
endpoint.
4. On the VPN Tunnels tab, click Add Tunnel, and then type the following:
Field Value
Port 10443
© FORTINET
After creating the profile, you must create an endpoint policy to assign the profile and gateway list to domains or
workgroups. When you create an endpoint policy to assign the profile to domains or workgroups, the profile
settings are automatically pushed to the endpoints in the domain or workgroup.
If you do not assign a profile to a specific domain or workgroup, the default profile is automatically applied to the
domain or workgroup.
© FORTINET
The endpoint profile and gateway list are assigned to the endpoint policy. After FortiClient is deployed on the
endpoints, and the endpoints are connected to the FortiClient EMS, you can update the endpoints by editing
the associated profiles.
In this exercise, you will create and test compliance rules. You will also configure FortiGate to create a dynamic
policy for dynamic groups tagged on FortiClient EMS.
Field Value
Status Enable
Type Windows
Assign to All
© FORTINET
You must create an SSO/Identity connector on FortiGate to connect to the Security Fabric.
Field Value
Name EMS-Server
Password Password123
© FORTINET
9. On the FortiGate GUI, click Security Fabric > Fabric Connectors, select EMS-Server, and click Edit to see
the details.
10. Under Connector Settings, click View to see the RUNCALC configured tag.
You must create a dynamic user group and dynamic firewall policy to enforce compliance.
© FORTINET
To create a user group and policy
1. On the FortiGate GUI, click User & Device > User Groups.
2. Click Create New.
3. In the Name field, type RunningCalcPCs.
4. In the Type field, select Fortinet Single Sign-On (FSSO).
5. In the Members field, click +, and select RUNCALC from the list.
6. To add the group, click OK.
On the FortiClient-Laptop VM, make sure that you can reach the Internet by
continuously pinging www.google.com. Do not close the continuous ping window.
7. On the FortiGate GUI, click Policy & Objects > IPv4 Policy.
8. Select the Full_Access policy, click Edit.
9. In the Source field, click +, browse to User, select RunningCalcPCs from the USER GROUP list, and then
click Close.
Leave the remaining settings as they are.
© FORTINET
3. On the FortiClient-Laptop VM, run the calculator while there is no ping. Ping should start after a few more failures.
4. On the FortiClient EMS GUI, click Compliance Verification > Host Tag Monitor, and locate FortiClient-
Laptop.
© FORTINET
5. On the FortiClient-Laptop VM, close the calculator. The ping should stop.
6. On the FortiClient EMS GUI, click Compliance Verification > Host Tag Monitor. There is no endpoint.
In this lab, you will examine the files that are created by running the diagnostic tools of FortiClient and FortiClient
EMS.
Objectives
l Run FortiClient and FortiClient EMS diagnostic tools
Time to Complete
Estimated: 20 minutes
Prerequisites
Before beginning this lab, you must make sure that FortiClient and FortiClient EMS are installed with diagnostic
tools.
In this exercise, you will run FortiClient and FortiClient EMS diagnostic tools on the FortiClient-Laptop and AD
server.
You will run the diagnostic tool on FortiClient endpoints to gather system information.
Before running the diagnostic tool, you must change the FortiClient log level to
DEBUG. On the FortiClient EMS GUI, click Endpoint Profiles > Local Profiles >
Student, click the System Settings tab, and under Log, change the log level to
Debug.
© FORTINET
A command line window opens and the diagnostic tool runs tasks to collect system data.
© FORTINET
Log files are compressed, so to read them, you must extract the files.
The tool starts to run in the background. The file should be available after three keepalive cycles. The default
is 60 seconds for each cycle.
4. Continuing on the FortiClient EMS GUI, click Action, and select Download Available Diagnostics Results to
download the results file.
© FORTINET
5. Click Download again to download the file to the FortiClient EMS server download folder.
You will run the FortiClient EMS diagnostic tool on the AD server to gather information. Before running the tool,
you must change the FortiClient EMS log level to DEBUG.
A command line window opens and the diagnostic tool runs tasks to collect system data.
3. After all tasks are completed, the tool opens the C:\Users\Administrator\AppData\Local\Temp\1
link to show the forticlientems_diagnostic.cab file.
© FORTINET
4. Click the forticlientems_6.2.1.0780_diagnostic.cab file, and search for the SystemInfo.txt, events, and
debug_xx-xx-xxxx files.
5. To review the file content, click these files. When you click a file, a window opens and extracts the file to a
destination. Select Desktop for the destination.
Log files are compressed, so to read them, you must extract the files.
No part of this publication may be reproduced in any form or by any means or used to make any
derivative such as translation, transformation, or adaptation without permission from Fortinet Inc.,
as stipulated by the United States Copyright Act of 1976.
Copyright© 2019 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet,
Inc., in the U.S. and other jurisdictions, and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company
names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and
actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein
represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written
contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified
performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For
absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. In no event does Fortinet make any
commitment related to future deliverables, features, or development, and circumstances may change such that any forward-looking statements herein are not accurate.
Fortinet disclaims in full any covenants, representations,and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify,
transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.