Cloud Deployment Guide

FortiClient 22.1
FORTINET DOCUMENT LIBRARY
https://docs.fortinet.com

FORTINET VIDEO GUIDE

https://video.fortinet.com

FORTINET BLOG
https://blog.fortinet.com

CUSTOMER SERVICE & SUPPORT

https://support.fortinet.com

FORTINET TRAINING & CERTIFICATION PROGRAM

https://www.fortinet.com/training-certification

NSE INSTITUTE
https://training.fortinet.com

FORTIGUARD CENTER
https://www.fortiguard.com

END USER LICENSE AGREEMENT

https://www.fortinet.com/doc/legal/EULA.pdf

FEEDBACK
Email: [email protected]

September 02, 2022

FortiClient 22.1 Cloud Deployment Guide
04-221-777432-20220902
 TABLE OF CONTENTS

Introduction 4
Requirements 4
Licensing 5
Product integration and support 6
Deploying FortiClient Cloud 7
Managing endpoints with FortiClient Cloud 8
Adding a FortiClient deployment package 8
Installing FortiClient on an endpoint and registering to FortiClient Cloud 10
Connecting an endpoint to FortiClient Cloud 11
Adding a new invitation for a deployment package 14
Requesting forensic analysis 15
Managing Chromebooks with FortiClient Cloud 17
Adding a secondary admin account 18
Upgrading FortiClient Cloud 19
Fabric Devices 22
Allowlisting the FortiClient Cloud external IP address 23
Limitations of FortiClient Cloud 24
Privacy 26
Change log 27

FortiClient 22.1 Cloud Deployment Guide 3

Fortinet Inc.
Introduction

A cloud-based SaaS endpoint management service called FortiClient Cloud is available. This is a Fortinet-hosted
EMS solution.
You can execute EMS functions from the cloud-based EMS. You must complete the following steps to create a cloud-
based EMS instance under your FortiCloud user account:
1. Register a FortiClient Cloud subscription to your FortiCloud account.
2. Register a FortiClient license contract for management by FortiClient Cloud to your FortiCloud account.

You can use FortiClient Cloud to manage and provision up to 50000 FortiClient endpoints. You
must use an on-premise EMS to manage more than 50000 endpoints.

You can use FortiClient Cloud to manage the following FortiClient endpoint types:
l Windows
l macOS
l Linux
l iOS
l Android
l Chromebook
FortiClient Cloud 22.1 is running EMS 7.0.

This guide only provides information specific to FortiClient Cloud. For information about EMS
features that this guide does not include, see the EMS Administration Guide.

You can use the FortiClient Cloud Service monitoring site to check the status of the FortiClient
Cloud service and any scheduled maintenance times.

Requirements

The following items are required before you can initialize your FortiClient Cloud instance:

FortiClient 22.1 Cloud Deployment Guide 4

Fortinet Inc.
Introduction

Requirement Description

FortiCloud Create a FortiCloud account if you do not have one and register a FortiClient Cloud subscription to
account with this account. Launching FortiClient Cloud requires a primary FortiCloud account with a FortiClient
FortiClient Cloud Cloud subscription. A primary FortiCloud account with a FortiClient Cloud subscription can invite
subscription other users to launch FortiClient Cloud. Each FortiCloud account that will access FortiClient Cloud
must be registered with its own FortiClient Cloud subscription. See Deploying FortiClient Cloud on
page 7.

Internet access You must have Internet access to create a FortiClient Cloud instance.

Browser Device with a browser to access FortiClient Cloud.

If you are using a new FortiCloud account:

l If the account has a FortiClient Cloud subscription and an endpoint license (ZTNA/VPN or EPP/ATP), you can
launch a FortiClient Cloud instance.
l Licensing FortiClient Cloud does not require a FortiCloud Premium subscription. You can purchase a FortiCloud
Premium license for a trial of FortiClient Cloud. See the FortiCloud datasheet for details.
l If the account has only a FortiClient Cloud subscription, you can launch a FortiClient Cloud instance that can
manage up to three endpoints.
If you are using an existing FortiCloud account with a FortiClient Cloud instance that was launched prior to the FortiClient
Cloud subscription requirement, the FortiClient Cloud instance continues to run without the FortiClient Cloud
subscription.

Licensing

FortiClient Cloud requires the following licenses:

l FortiClient Cloud subscription: Each FortiCloud account that will access FortiClient Cloud must be registered
with its own FortiClient Cloud subscription.
l Per-endpoint or per-user licensing: FortiClient Cloud supports per-endpoint and per-user licensing. You cannot
use both license types on one FortiClient Cloud environment. You must select per-endpoint or per-user licensing.
You must purchase a license for each endpoint or user that FortiClient Cloud will manage. Purchase the following
FortiClient license types from Fortinet. All licenses are available for both per-endpoint and per-user licensing:
l Zero Trust Network Access (ZTNA)

l Endpoint Protection Platform/Advanced Persistent Threat

l Managed Endpoint Security Services

l FortiGuard Endpoint Forensic Analysis.

When registering the license contract, you must specify that the endpoints or users will be managed using
FortiClient Cloud, as Deploying FortiClient Cloud on page 7 describes.
Registering a ZTNA license for FortiClient Cloud management does not support all features supported for on-
premise EMS. See Limitations of FortiClient Cloud on page 24 for the list of supported features.

FortiClient 22.1 Cloud Deployment Guide 5

Fortinet Inc.
Introduction

Product integration and support

FortiClient Cloud supports the following products:

l FortiClient:
l 7.0.0 and later versions

l 6.4.4 and later versions

l FortiOS:
l 7.0.0 and later versions

l 6.4.0 and later versions

l FortiAnalyzer:
l 7.0.0 and later versions

l 6.4.0 and later versions

To import a profile from FortiManager to FortiClient Cloud, FortiManager must be reachable over the public Internet.
FortiClient Cloud is a component of FortiSASE, a cloud-based SaaS service that offers protection for remote, off-net
endpoints. FortiSASE only works with a new FortiClient Cloud instance. You cannot apply a FortiSASE license to an
existing FortiClient Cloud instance. See the FortiSASE documentation.

FortiClient 22.1 Cloud Deployment Guide 6

Fortinet Inc.
Deploying FortiClient Cloud

This topic explains how to deploy FortiClient Cloud. This topic assumes that you have already purchased the desired
subscription licenses for your deployment from a Fortinet partner or reseller and received your license activation codes.

You can create only one FortiClient Cloud instance per FortiCloud account.

To deploy FortiClient Cloud:

1. Register the FortiClient Cloud subscription contract to your FortiCloud account:

a. On the Customer Service & Support site, go to Asset Management > Register Now.
b. In the Registration Code field, enter your license activation code and select Next to continue registering the
product.
c. Enter your details in the other fields and complete the registration. This is a yearly subscription.

You may need to wait a few minutes for the cloud instance to initialize before you can
proceed to step 2 or 3.

2. Register the FortiClient endpoint licenses for management by FortiClient Cloud:

a. On the Customer Service Support site, go to Asset Management > Register Now.
b. In the Registration Code field, enter your license activation code and select Next to continue registering the
product.
c. Select the Used for Cloud Purpose checkbox.
d. Enter your details in the other fields and complete the registration.
3. Access FortiClient Cloud in one of the following ways:
a. Access FortiClient Cloud from FortiCloud.
b. Access FortiClient Cloud from the FortiClient Cloud portal:
i. In a browser, go to the FortiClient Cloud portal.
ii. Log in with your FortiCloud credentials.
c. Access FortiClient Cloud from the link in the welcome email.

If you cannot access the FortiClient Cloud portal, ensure that you enable access to
forticlient.forticloud.com:443. Refer to the list of required services and ports for
FortiClient.

4. When you first log in to FortiClient Cloud, you can select the region to store your FortiClient Cloud data. Select North
America or EMEA.

FortiClient 22.1 Cloud Deployment Guide 7

Fortinet Inc.
Managing endpoints with FortiClient Cloud

Adding a FortiClient deployment package

FortiClient Cloud allows a maximum of ten deployment packages.

To add a deployment package:

1. Go to Manage Installers > Deployment Packages.

2. Click Add.
3. On the Version tab, set the following options:

Installer Type Use an official FortiClient installer or a custom FortiClient installer. See Adding
a custom FortiClient installer for details on uploading a custom installer.

Release Select the FortiClient release version to install.

Patch Select the specific FortiClient patch version to install.

Keep updated to the latest Select to enable FortiClient to automatically update to the latest patch release
patch when FortiClient is installed on an endpoint.

Custom installer Select the desired custom FortiClient installer.

4. Click Next. On the General tab, set the following options:

Name Enter the FortiClient deployment package's name.

Expiry Date Enter this deployment package's expiry date. After this date, users cannot use
this deployment package to install FortiClient.

Notes (Optional) Enter any notes about the FortiClient deployment package.

5. Click Next. On the Features tab, set the following options:

Security Fabric Agent Enabled by default and cannot be disabled. Installs FortiClient with Telemetry
enabled.

Secure Access Architecture Install FortiClient with SSL and IPsec VPN enabled. Disable to omit SSL and
Components IPsec VPN support from the FortiClient deployment package.

Advanced Persistent Threat Install FortiClient with APT components enabled. Disable to omit APT
(APT) Components components from the FortiClient deployment package. Includes FortiSandbox
detection and quarantine features.

FortiClient 22.1 Cloud Deployment Guide 8

Fortinet Inc.
Managing endpoints with FortiClient Cloud

Additional Security Features Enable any of the following features:

l AntiVirus
l Web Filtering
l Application Firewall
l Single Sign-On (SSO) mobility agent
l Cloud Based Malware Outbreak Detection
Disable to exclude features from the FortiClient deployment package.

FortiClient Cloud does not support all the features that an on-premise EMS supports. See
Limitations of FortiClient Cloud on page 24.

6. Click Next. On the Advanced tab, set the following options:

Enable automatic FortiClient automatically connects Telemetry to FortiClient after FortiClient

registration installs on the endpoint. You cannot disable this option.

Enable desktop shortcut Configure the FortiClient deployment package to create a desktop shortcut on
the endpoint.

Enable start menu shortcut Configure the FortiClient deployment package to create a Start menu shortcut
on the endpoint.

Enable Installer ID Configure an installer ID. Select an existing installer ID or enter a new installer
ID. If creating an installer ID, select a group path or create a new group in the
Group Path field. FortiClient automatically groups endpoints according to
installer ID group assignment rules.

Enable Endpoint Profile Select an endpoint profile to include in the installer. EMS applies the profile to
the endpoint once it has installed FortiClient. This option is necessary if it is
required to have certain security features enabled prior to contact with EMS, or
if users require VPN connection to connect to EMS.

7. Click Next. The Telemetry tab displays the hostname and IP address of the FortiClient server, which will manage
FortiClient once it is installed on the endpoint. Also configure the following option:

Enable telemetry connection
to Security Fabric (FortiGate)
Enable this option, and select the name of the gateway list to use. The
gateway list defines the IP address for the FortiGate.
If you have not created a gateway list, select the checkbox, then click the No
telemetry server lists are available, create one here link to create a gateway
list for this deployment package to use. See FortiClient EMS  Administration
Guide for details on configuring a gateway list.

8. Click Finish. The FortiClient deployment package is added to FortiClient and displays on the Manage Installers >
Deployment Packages pane. The deployment package may include .exe (32-bit and 64-bit), .msi, and .dmg files
depending on the configuration.

FortiClient 22.1 Cloud Deployment Guide 9

Fortinet Inc.
 Managing endpoints with FortiClient Cloud

Installing FortiClient on an endpoint and registering to FortiClient

Cloud

To deploy FortiClient to Windows and macOS endpoints:

Deploying FortiClient to Windows and macOS endpoints is the same in FortiClient Cloud as for on-premise EMS. See
Deployment for more details.

To install FortiClient on an endpoint:

When installing FortiClient on an endpoint from a deployment package created in FortiClient Cloud, the administrator
carries out some actions, while the endpoint user carries out others.
1. (Administrator) In EMS, go to Manage Installers > Deployment Packages. Note the invitation code for the desired
deployment package.

2. (Administrator) Go to Invitations in the upper right corner or in Endpoints > Invitations.

3. (Administrator) Select the invitation code that was noted in step 2. Click Edit.
4. (Administrator) Configure the invitation code:
a. (Administrator) To send the code to a single recipient, select Individual. Otherwise, select Bulk.

Sending individual invitation codes is considered best practice, as it can limit any
unexpected endpoints from connecting to FortiClient Cloud.

b. (Administrator) In the Email recipients field, enter the email addresses of the desired end users.
c. (Administrator) If desired, enable Send SMS notifications.
d. (Administrator) In the SMS recipients field, enter the phone numbers of the desired end users.

FortiClient 22.1 Cloud Deployment Guide 10

Fortinet Inc.
Managing endpoints with FortiClient Cloud

e. (Administrator) In the Expiry date field, set the expiry date. Click Save.

5. (Administrator) The email that users receive for an individual invitation code does not include a FortiClient download
link. You must share the installer files with users, or send them the link to FortiClient.com, from where they can
download the installer files.
6. (End user) Install FortiClient on your device. The FortiClient Cloud invitation email or text message that you
received may include a FortiClient download link. Otherwise, your administrator should have provided the installer
files or a link where you can download them.
7. (End user) Your FortiClient may automatically register to FortiClient Cloud after installation. If your FortiClient did
not automatically register to FortiClient Cloud, use the instructions in Connecting an endpoint to FortiClient Cloud on
page 11 to register to FortiClient Cloud.

Connecting an endpoint to FortiClient Cloud

You can use the following instructions to connect to FortiClient Cloud in one of the following scenarios:
l If you want to connect a FortiClient Linux, iOS, or Android endpoint to FortiClient Cloud. Since you cannot create a
deployment package for these operating systems in FortiClient Cloud, this is the only way to register these
endpoints to FortiClient Cloud.
l If your FortiClient did not automatically register to FortiClient Cloud after installation.

To register FortiClient Windows, macOS, or Linux to FortiClient Cloud:

1. If your administrator is using FortiClient Cloud, you should receive an invitation email. Use the link in the invitation
email to download FortiClient to your device.
2. Run the downloaded installer to install FortiClient.
3. After initial installation, FortiClient should automatically register to FortiClient Cloud. If FortiClient does not
automatically register to FortiClient Cloud, enter the invitation code in the Join FortiClient Cloud field on the Zero
Trust Telemetry tab in FortiClient.

FortiClient 22.1 Cloud Deployment Guide 11

Fortinet Inc.
Managing endpoints with FortiClient Cloud

4. Click Connect. Ensure that the Status displays as Connected. FortiClient software is now licensed and activated.

FortiClient 22.1 Cloud Deployment Guide 12

Fortinet Inc.
Managing endpoints with FortiClient Cloud

To register FortiClient iOS or Android to FortiClient Cloud:

1. Tap Connect to, then select FortiClient Cloud.

2. Do one of the following:

a. If using FortiClient (iOS), tap FortiClient Cloud.

FortiClient 22.1 Cloud Deployment Guide 13

Fortinet Inc.
Managing endpoints with FortiClient Cloud

b. If using FortiClient (Android), tap Enter Invitation Code.

3. Enter the invitation code.

FortiClient Cloud is now managing FortiClient.

Adding a new invitation for a deployment package

To add a new invitation for a deployment package:

1. Go to Invitations.
2. Select an existing invitation code for the desired deployment package.
3. Click Add.

FortiClient 22.1 Cloud Deployment Guide 14

Fortinet Inc.
Managing endpoints with FortiClient Cloud

4. To send the code to a single recipient, select Individual. Otherwise, select Bulk.

Sending individual invitation codes is considered best practice, as it can limit any
unexpected endpoints from connecting to FortiClient Cloud.

5. If desired, select Send email notifications.

6. In the Email recipients field, enter the email addresses of the desired end users.
7. If desired, enable Send SMS notifications.
8. (Administrator) In the SMS recipients field, enter the phone numbers of the desired end users.
9. In the Expiry date field, set the expiry date. Click Save. You will see a new invitation code for the deployment
package.

Requesting forensic analysis

The FortiGuard Endpoint Forensic Analysis service provides remote endpoint analysis to help you respond to and
recover from cyber incidents. For each engagement, forensic analysts from Fortinet’s FortiGuard Labs remotely assist in
the collection, examination, and presentation of digital evidence, including a final detailed report.
This feature requires the FortiGuard Endpoint Forensic Analysis license. The following instructions assume that you
have purchased the license and registered it to your FortiCloud account. You can have a maximum of five forensic
analysis requests in progress at a given time.
The endpoint summary displays a Forensics Analysis section, which displays the status and task ID of the endpoint's last
requested analysis.

The following summarizes the possible statuses:

FortiClient 22.1 Cloud Deployment Guide 15

Fortinet Inc.
Managing endpoints with FortiClient Cloud

Status Description

Pending Forensic analysis request has been initiated. The Forensics team has not yet
assigned it to an analyst.

In-progress The Forensics team has assigned the request to an analyst, who has begun
working on it.

Complete The analyst has completed analysis on the endpoint and shared the result in a
PDF document. You can download the report from the Forensics Analysis section
of the endpoint summary.

Failed The analyst could not connect to the endpoint.

Canceled This status indicates one of the following:

l The analyst needed more information about the endpoint to perform the

analysis.
l The EMS administrator canceled the request.

To enable the forensic analysis feature:

1. Go to System Settings > Feature Select.

2. Confirm that FortiGuard Forensics Analysis is enabled.
3. Go to Endpoint Profiles > System Settings.
4. Edit the desired profile.
5. Under Endpoint Control, enable Forensics License. Click Save.

To request forensic analysis on an endpoint:

1. Go to Endpoints > All Endpoints.

2. Select the desired endpoint.
3. Under Forensics Analysis, click Request Analysis.
4. Complete the questionnaire:
a. In the Summary of the Issue field, enter a description of the issue that you are observing on the endpoint.
b. In the Reason of Escalation field, select the desired option, or enter another reason in the Other field.
c. In the First Identified Activity field, enter the date that you first observed the issue.
d. In the Actions Taken to Date field, select any actions you took to resolve this issue.
e. In the Supplementary Logs field, enter the path to logs that you would like the analyst to review.
f. If desired, provide details in the Comment field. Click Next.
5. Click Click to Download to download the forensic installer.
6. Click Finish. The status displays as pending.
7. Run the downloaded installer on the endpoint to install the forensic analysis application. Keep the endpoint
connected to the Internet and online for the next three days. You can uninstall the application after the analysis
completes.

To cancel a forensic analysis request:

1. Go to Endpoints > All Endpoints.

2. Select the desired endpoint.

FortiClient 22.1 Cloud Deployment Guide 16

Fortinet Inc.
Managing endpoints with FortiClient Cloud

3. Under Forensics Analysis, click Cancel Analysis.

4. In the dialog, click Yes. The status changes to canceled.

Managing Chromebooks with FortiClient Cloud

You can use FortiClient Cloud to manage Chromebooks. After you deploy and configure FortiClient Cloud, the Google
Admin console, and the FortiClient Web Filter extension, the products work together to provide web filtering security for
Google Chromebook users logged into the Google domain.

To configure FortiClient Cloud for Chromebook management:

You can configure FortiClient Cloud for Chromebook management by following the instructions in Installation and setup
for managing Chromebooks. While these topics are written for on-premise EMS, they also apply to FortiClient Cloud,
except for one difference. In step 2 of Configuring the FortiClient Web Filter extension, instead of ProfileServerUrl,
the text file must contain the following text:
{
"InvitationCode": { "Value": "<FortiClient invitation code>"},
"SerialNumber": { "Value": "<FortiClient serial number>"}
}

The following provides an example:

{
"InvitationCode": { "Value": "6LY209RIP8NE6J1JR0FIF97LEVJVBKT2"},
"SerialNumber": { "Value": "FCTEMS8820002744"}
}

FortiClient 22.1 Cloud Deployment Guide 17

Fortinet Inc.
Adding a secondary admin account

The FortiClient Cloud primary administrator (the user who created the FortiClient Cloud instance) can add secondary
administrators from their FortiCloud account.

To create a secondary admin account:

1. Log in to Fortinet Service & Support with your FortiCloud account.

2. Click the account icon in the top-right corner.

3. Select Manage User.

4. Click the Add User icon.

5. Enter the user information as required. If the new user does not have a FortiCloud account, they must create one.
Click Save. A user added on this page becomes visible on the FortiClient Cloud GUI in Administrators and can log in
to FortiClient Cloud with their FortiCloud account. These users have limited permissions. For details on configuring
permissions for these administrators, see Admin roles.

FortiClient 22.1 Cloud Deployment Guide 18

Fortinet Inc.
Upgrading FortiClient Cloud

Upgrading FortiClient Cloud

FortiClient Cloud is a SaaS service where Fortinet continuously updates the version for all customers. You can expect
FortiClient Cloud to upgrade two to four weeks after a stable minor GA version release announcement.
Fortinet sends a email notification seven to ten business days prior to the upgrade to remind you that an upgrade is
scheduled. The email includes the upgrade time and version information.

You can also view the upgrade schedule on the FortiClient Cloud portal.
After the upgrade, view your FortiOS connectors to ensure that they are functioning correctly and that the desired
FortiGates are authorized on FortiClient Cloud and vice-versa.

FortiClient 22.1 Cloud Deployment Guide 19

Fortinet Inc.
Upgrading FortiClient Cloud

To reschedule an upgrade:

1. In the FortiClient Cloud portal, go to Upgrade.

2. Click Reschedule Upgrade.

3. In the System Upgrade Time field, select the desired date. You must select a date before the displayed last day to
upgrade. If you need to upgrade on a day after the displayed last day to upgrade, or you want to cancel the upgrade,
contact Fortinet Support.

FortiClient 22.1 Cloud Deployment Guide 20

Fortinet Inc.
Upgrading FortiClient Cloud

4. Click OK.

FortiClient 22.1 Cloud Deployment Guide 21

Fortinet Inc.
Fabric Devices

The Fabric Devices page displays FortiGates that FortiClient Cloud is connected to via the Fortinet Security Fabric. You
must authorize a connection request from a FortiGate to allow Fabric connection between FortiClient Cloud and the
FortiGate.

To configure a Fabric connection between FortiClient Cloud and a FortiGate:

This process involves some actions that the FortiOS administrator takes, and other actions that the FortiClient
Cloud administrator takes.
1. (FortiOS administrator) Configure FortiClient Cloud in Security Fabric > Settings > FortiClient Endpoint
Management System (EMS) in FortiOS.
2. (FortiOS administrator) Confirm the FortiClient Cloud serial number that FortiOS obtains.
3. (FortiClient Cloud administrator) Log in to FortiClient Cloud. FortiClient Cloud prompts you to authorize or deny
Fabric Connector access from that FortiGate. The prompt includes the FortiGate hostname, serial number, and IP
address. Authorize the connection to establish the Fabric connection between FortiClient Cloud and the FortiGate.

FortiClient 22.1 Cloud Deployment Guide 22

Fortinet Inc.
Allowlisting the FortiClient Cloud external IP address

If you want to configure certain options for FortiClient Cloud, you must allowlist the FortiClient Cloud external IP address.
This includes the following options:
l Active Directory integration
l Importing a profile from FortiGate or FortiManager
l SMTP server configuration
When you log in to FortiClient Cloud, go to About on the right panel. The IP address row on this page displays the IP
address that you must allowlist for the listed features.

FortiClient 22.1 Cloud Deployment Guide 23

Fortinet Inc.
Limitations of FortiClient Cloud

You can use FortiClient Cloud to manage and provision up to 50000 FortiClient endpoints. You
must use an on-premise EMS to manage more than 50000 endpoints.

FortiClient Cloud supports the majority of features that on-premise EMS supports.
FortiClient Cloud does not currently support initial FortiClient deployment to AD devices. To use this feature, use on-
premise EMS instead of FortiClient Cloud.
The following provides a comparison between FortiClient Cloud, EMS 7.0, and EMS 6.4:

Feature FortiClient Cloud EMS 7.0

Security Fabric integration

Share endpoint telemetry data with FortiGate connector Updated connector for FortiGate and
FortiGate and FortiAnalyzer FortiAnalyzer

Dynamic access control Yes Yes

Zero Trust tags Yes Yes

FortiSASE support Yes No

Secure remote access

IPsec and SSL VPN agents Yes Yes

SSO Yes Yes

Web Filter

Web Filter Yes Yes

Chromebook support, including Yes Yes

filtering based on keyword searches

Web Filter for FortiClient iOS and Yes Yes

Android

Import web filter policy from FortiOS Yes Yes

Browser plugin support Yes Yes

Browser support depends on the Browser support depends on the
endpoint OS and installed FortiClient endpoint OS and installed FortiClient
version. version.

Endpoint hardening, visibility, and discovery

Vulnerability scan Yes Yes

FortiClient 22.1 Cloud Deployment Guide 24

Fortinet Inc.
Limitations of FortiClient Cloud

Feature FortiClient Cloud EMS 7.0

Patching Yes Yes

Application inventory Yes Yes

Application Firewall Yes Yes

Endpoint protection and prevention

Antimalware Yes (Content pattern recognition Yes (CPRL and machine learning)
language (CPRL) and machine
learning)

Antiexploit Yes Yes

Antiransomware Yes Yes

Application Firewall (SaaS control, Yes Yes

botnet protection)

Fileless malware scanning through Yes Yes

AMSI

Sandbox integration Yes Yes

Deployment and management console

Management console Cloud-based management console On-premise, self-hosted by

hosted by Fortinet customer. Requires a Windows
Server machine

EMS version 7.0 6.4

Supported FortiClient agent versions 7.0, 6.4 7.0, 6.4

AD integration Yes Yes

Supported platforms Windows, macOS, Linux, iOS, Windows, macOS, Linux, iOS,
Android, and Chromebook Android, and Chromebook

Multitenancy No Yes

FortiClient 22.1 Cloud Deployment Guide 25

Fortinet Inc.
Privacy

You can find information around privacy, including the General Data Protection Regulation (GDPR) and the California
Consumer Privacy Act (CCPA) at the following:

Link Description

https://www.fortinet.com/content/dam/fortinet/assets/legal/EULA.pdf End User License Agreement (EULA)

https://www.fortinet.com/corporate/about-us/privacy Privacy Policy. Referenced in the EULA,

contains information for not only the
European Economic Area but for the CCPA
as well.

https://www.fortinet.com/corporate/about-us/gdpr How Fortinet Supports and Complies with

GDPR. As this document mentions, a data
processing agreement can be made
available upon request.

https://www.fortinet.com/solutions/industries/regulatory- Fortinet Solutions for GDPR

compliance/GDPR

https://www.fortinet.com/content/dam/fortinet/assets/solution- STATE-OF-THE-ART DATA

guides/checklist-gdpr.pdf PROTECTION FOR GDPR 7
Considerations and Where Fortinet Can
Help

When registering the FortiClient Cloud license on the FortiCloud portal, you can choose where your instance will reside:
North America or EMEA. See Deploying FortiClient Cloud on page 7.
For questions regarding Fortinet's privacy efforts, contact [email protected].

FortiClient 22.1 Cloud Deployment Guide 26

Fortinet Inc.
Change log

Date Change Description

2022-01-26 Initial release.

2022-02-03 Updated Limitations of FortiClient Cloud on page 24.

2022-02-14 Added Privacy on page 26.

2022-09-02 Added Upgrading FortiClient Cloud on page 19.

FortiClient 22.1 Cloud Deployment Guide 27

Fortinet Inc.
 www.fortinet.com

Copyright© 2022 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein
may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were
attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance
results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract,
signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only
the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal
conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change,
modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.