Enabling Remote Management With Fortimanager - Fortinet Version 4.0 MR1 Administration Manual

Managing FortiClient with FortiManager

Enabling Remote Management with FortiManager

Configuring central management by specified FortiManager units
18
Network administrators can use FortiManager to manage FortiClient installations across a
network. This enables the administrator to apply a consistent FortiClient configuration for
all users. Managed FortiClient computer receive push updates for antivirus signatures.
To enable remote management using FortiManager, you must create a transform that
changes the values of specific properties within the installer.
To enable remote management
1 Create a new, or edit an existing, MSI transform file.
2 Open the Property table and change the value of FMGRENABLED from 0 to 1.
3 Change the property FMGTRUSTEDIPS to the IP address(es) of the FortiManager(s)
that FortiClient will accept commands from.
The addresses can be specified as individual IP address, IP address ranges, or
subnets. You can specify a mixed list of addresses, ranges and subnets by separating
each value with a comma. For example:
Property Name
TRUSTEDIPS
TRUSTEDIPS
TRUSTEDIPS
TRUSTEDIPS
4 Optionally, you can specify the IP address of your FortiManager device at installation
time by setting the value of the property FMGRIP to the IP address of your
FortiManager device. The address specified in FMGRIP is automatically trusted and
does not need to be added to the FMGTRUSTEDIPS value.
Using installer command line options, you can specify the IP address of one or more
FortiManager units that will control the FortiClient configuration.
The command-line options are as follows:
FMGRENABLED=1
FMGRIP=<FM_IP_Primary>
If there are multiple FortiManager units that could manage this FortiClient PC, add the
following option.
FMGRTRUSTEDIPS=<FM_IP1>,<FM_IP2>,...
<FM_IP1>,<FM_IP2>, and so on can be individual IP addresses, IP address ranges or
subnets. You can omit the FMGRIP option if the primary FortiManager unit IP address is
included as a single IP address in the FMGTRUSTEDIPS option.
For a complete list of installer public properties that can be specified when installing
FortiClient, see "Appendix A: Installer Public Properties"
Example command lines for the .exe package
For a FortiClient PC centrally managed by a FortiManager unit on IP address
172.16.100.5, the installation command line is:
FortiClientSetup /v"FMGRENABLED=1 FMGRIP=172.16.100.5"
Property Value Meaning
172.16.90.83 (trust a single IP address only)
172.18.2.0/255.255.255.0 (trust a subnet)
172.16.3.1-172.16.3.50 (trust an IP address range)
172.16.90.83,172.18.2.0/255.255.255.0,
172.16.3.1-172.16.3.50 (all the above)
This enables FortiManager central management.
This specifies the primary (or only) FortiManager unit.
FortiClient Endpoint Security Version 4.0 MR1 Administration Guide
Custom Installer Packages
for more information.
04-40001-99556-20090626
http://docs.fortinet.com/ • Feedback