Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiSASE Administration Guide

    Shifting from FortiClient EMS to FortiSASE

    Shifting from FortiClient EMS to FortiSASE

    I am an existing customer with an EMS on-premise deployment. How can I move my endpoints to FortiSASE?

    FortiSASE includes its own EMS instance as part of the service, which it requires for proper orchestration of the solution. Therefore, customers with an existing EMS solution must shift to using the FortiSASE EMS instance.

    The shift from an existing EMS on-premise deployment to FortiSASE does not preserve EMS configuration because the configuration will be replaced with configuration defined for FortiSASE after the process completes. You must configure endpoint features supported in FortiSASE. See How can I configure FortiSASE for endpoint management?

    The following process allows shifting endpoints from EMS to FortiSASE without the need for a third-party endpoint management system.

    Follow this process:

    1. Contact your Fortinet Sales or Partner contact to perform one of these steps:
      • For an existing FortiClient subscription, such as the FortiClient FortiTrust license, to provide you with assistance with converting it to a FortiSASE user-based Standard, Advanced, Professional, or Comprehensive license
      • For an expired FortiClient subscription, to provide you assistance with purchasing a new FortiSASE user-based license

      See the FortiSASE Ordering Guide.

    2. Once you have a FortiSASE user-based license, contact FortiCare Support Customer Service or open a new Customer Service ticket using the FortiCare Support Portal. The Customer Service team assists you with these steps:
      1. Removing the FortiClient FortiTrust license from your FortiCloud root principal account, which may take up to three business days
      2. Applying the new FortiSASE user-based license to your account
    3. Log in to the FortiSASE portal and provision your instance according to the steps in the Cloud Deployment guide, if you have not provisioned it.
    4. In the FortiSASE portal, obtain the invitation code as follows:
      1. Go to Dashboards > Status.
      2. Under the Remote Users widget, click Onboard Users. If this widget does not exist, click Add Widget and add a new Remote Users widget.
      3. In Onboard Users, under Managed Endpoint Users and under Manual Installer, click the copy icon to the right of Invitation Code to copy the invitation code to the clipboard.

      4. Paste the invitation code to a text file for later use.
    5. In the EMS GUI, move the FortiClient endpoints as follows:
      1. Go to Endpoints.
      2. Select the desired endpoints to move.
      3. Select Action > Switch EMS > Move to Cloud.

      4. In the Switch EMS dialog, in the Invitation Code field, copy and paste the invitation code obtained from FortiSASE.

    6. At this point, FortiSASE must be configured for endpoint management. See How can I configure FortiSASE for endpoint management?

    I am an existing customer with a FortiClient Cloud deployment. What is the path to move to a FortiSASE deployment?

    FortiSASE includes its own instance of EMS as part of the service, and it is required for proper orchestration of the solution. Therefore, customers with an existing FortiClient EMS solution will need to shift to using the FortiSASE instance of EMS.

    Currently, the shift from an existing FortiClient Cloud to FortiSASE does not preserve FortiClient Cloud configuration because it will be replaced with configuration defined for FortiSASE after the process is completed. You must configure endpoint features supported in FortiSASE. See How can I configure FortiSASE for endpoint management?

    The process below should allow endpoints to be shifted from FortiClient Cloud to FortiSASE without the need for a third-party endpoint management system.

    This process should take one business week to complete. During this process, you cannot perform any provisioning of your new FortiSASE instance.

    You must follow this process:

    1. Contact your Fortinet Sales or Partner contact to perform one of these steps:
      • For an existing FortiClient subscription, a.k.a. the FortiClient FortiTrust license, to provide you with assistance with converting it to a FortiSASE user-based Standard, Advanced, Professional, or Comprehensive license
      • For an expired FortiClient subscription, to provide you assistance with purchasing a new FortiSASE user-based license.

      See theFortiSASE Ordering Guide.

    2. Once you have a FortiSASE user-based license, to request the shift from using your FortiClient Cloud instance to using your FortiSASE instance for endpoint management, contact FortiCare Support Customer Service or open a new Customer Service ticket using the FortiCare Support Portal. The Customer Service team will assist you with these steps:
      1. Removing the FortiClient FortiTrust license from your FortiCloud root principal account (may take up to three business days).
      2. Creating a new Technical Support ticket to engage Fortinet technical teams to complete the request on the backend (may take up to two business days).
      3. Applying the new FortiSASE user-based license to your account.
    3. Once the FortiClient Cloud license removal has completed, you will be informed via a Technical Support ticket update to either provision your FortiSASE instance on your own or to provide confirmation that Fortinet can provision your instance on your behalf.
    4. After some time, the telemetry connection of each of the endpoints will be disconnected from FortiClient Cloud and will connect to the FortiSASE instance of EMS.
      • Endpoints should connect to FortiSASE EMS.
      • There is no need to restart FortiClient or the endpoint. Simply wait for the next Telemetry synchronization event, which is typically within 60 seconds.
    5. At this point, FortiSASE must be configured for endpoint management. See How can I configure FortiSASE for endpoint management?

    How can I configure FortiSASE for endpoint management?

    Note

    Shifting from an on-premise EMS or a FortiClient Cloud instance to FortiSASE does not preserve EMS configuration.

    You cannot configure some configuration settings from EMS or FortiClient Cloud in FortiSASE because FortiSASE does not support some FortiClient features. See Supported FortiClient features.

    You must configure endpoint management features in the FortiSASE instance of EMS using the FortiSASE portal. This requires hands-on configuration time with the following options:

    • To perform the configuration themselves, follow these steps:
      1. Review FortiSASE documentation, namely the 4-D FortiSASE Endpoint Management Deployment Guide, for details on configuring endpoint management features.
      2. Purchase an Advanced, Professional, or Comprehensive license and use Assisted Onboarding. See FortiSASE Support Services in the FortiSASE Ordering Guide.
      3. Perform the configuration in FortiSASE by logging in with the root principal email.
    • If you want Fortinet to perform the endpoint management configuration in FortiSASE, purchase Fortinet Professional Services. See FortiSASE Support Services in the FortiSASE Ordering Guide.
    Previous
    Next

    More Links

    FortiSASE Endpoint Management Deployment Guide

    Shifting from FortiClient EMS to FortiSASE

    Shifting from FortiClient EMS to FortiSASE

    I am an existing customer with an EMS on-premise deployment. How can I move my endpoints to FortiSASE?

    FortiSASE includes its own EMS instance as part of the service, which it requires for proper orchestration of the solution. Therefore, customers with an existing EMS solution must shift to using the FortiSASE EMS instance.

    The shift from an existing EMS on-premise deployment to FortiSASE does not preserve EMS configuration because the configuration will be replaced with configuration defined for FortiSASE after the process completes. You must configure endpoint features supported in FortiSASE. See How can I configure FortiSASE for endpoint management?

    The following process allows shifting endpoints from EMS to FortiSASE without the need for a third-party endpoint management system.

    Follow this process:

    1. Contact your Fortinet Sales or Partner contact to perform one of these steps:
      • For an existing FortiClient subscription, such as the FortiClient FortiTrust license, to provide you with assistance with converting it to a FortiSASE user-based Standard, Advanced, Professional, or Comprehensive license
      • For an expired FortiClient subscription, to provide you assistance with purchasing a new FortiSASE user-based license

      See the FortiSASE Ordering Guide.

    2. Once you have a FortiSASE user-based license, contact FortiCare Support Customer Service or open a new Customer Service ticket using the FortiCare Support Portal. The Customer Service team assists you with these steps:
      1. Removing the FortiClient FortiTrust license from your FortiCloud root principal account, which may take up to three business days
      2. Applying the new FortiSASE user-based license to your account
    3. Log in to the FortiSASE portal and provision your instance according to the steps in the Cloud Deployment guide, if you have not provisioned it.
    4. In the FortiSASE portal, obtain the invitation code as follows:
      1. Go to Dashboards > Status.
      2. Under the Remote Users widget, click Onboard Users. If this widget does not exist, click Add Widget and add a new Remote Users widget.
      3. In Onboard Users, under Managed Endpoint Users and under Manual Installer, click the copy icon to the right of Invitation Code to copy the invitation code to the clipboard.

      4. Paste the invitation code to a text file for later use.
    5. In the EMS GUI, move the FortiClient endpoints as follows:
      1. Go to Endpoints.
      2. Select the desired endpoints to move.
      3. Select Action > Switch EMS > Move to Cloud.

      4. In the Switch EMS dialog, in the Invitation Code field, copy and paste the invitation code obtained from FortiSASE.

    6. At this point, FortiSASE must be configured for endpoint management. See How can I configure FortiSASE for endpoint management?

    I am an existing customer with a FortiClient Cloud deployment. What is the path to move to a FortiSASE deployment?

    FortiSASE includes its own instance of EMS as part of the service, and it is required for proper orchestration of the solution. Therefore, customers with an existing FortiClient EMS solution will need to shift to using the FortiSASE instance of EMS.

    Currently, the shift from an existing FortiClient Cloud to FortiSASE does not preserve FortiClient Cloud configuration because it will be replaced with configuration defined for FortiSASE after the process is completed. You must configure endpoint features supported in FortiSASE. See How can I configure FortiSASE for endpoint management?

    The process below should allow endpoints to be shifted from FortiClient Cloud to FortiSASE without the need for a third-party endpoint management system.

    This process should take one business week to complete. During this process, you cannot perform any provisioning of your new FortiSASE instance.

    You must follow this process:

    1. Contact your Fortinet Sales or Partner contact to perform one of these steps:
      • For an existing FortiClient subscription, a.k.a. the FortiClient FortiTrust license, to provide you with assistance with converting it to a FortiSASE user-based Standard, Advanced, Professional, or Comprehensive license
      • For an expired FortiClient subscription, to provide you assistance with purchasing a new FortiSASE user-based license.

      See theFortiSASE Ordering Guide.

    2. Once you have a FortiSASE user-based license, to request the shift from using your FortiClient Cloud instance to using your FortiSASE instance for endpoint management, contact FortiCare Support Customer Service or open a new Customer Service ticket using the FortiCare Support Portal. The Customer Service team will assist you with these steps:
      1. Removing the FortiClient FortiTrust license from your FortiCloud root principal account (may take up to three business days).
      2. Creating a new Technical Support ticket to engage Fortinet technical teams to complete the request on the backend (may take up to two business days).
      3. Applying the new FortiSASE user-based license to your account.
    3. Once the FortiClient Cloud license removal has completed, you will be informed via a Technical Support ticket update to either provision your FortiSASE instance on your own or to provide confirmation that Fortinet can provision your instance on your behalf.
    4. After some time, the telemetry connection of each of the endpoints will be disconnected from FortiClient Cloud and will connect to the FortiSASE instance of EMS.
      • Endpoints should connect to FortiSASE EMS.
      • There is no need to restart FortiClient or the endpoint. Simply wait for the next Telemetry synchronization event, which is typically within 60 seconds.
    5. At this point, FortiSASE must be configured for endpoint management. See How can I configure FortiSASE for endpoint management?

    How can I configure FortiSASE for endpoint management?

    Note

    Shifting from an on-premise EMS or a FortiClient Cloud instance to FortiSASE does not preserve EMS configuration.

    You cannot configure some configuration settings from EMS or FortiClient Cloud in FortiSASE because FortiSASE does not support some FortiClient features. See Supported FortiClient features.

    You must configure endpoint management features in the FortiSASE instance of EMS using the FortiSASE portal. This requires hands-on configuration time with the following options:

    • To perform the configuration themselves, follow these steps:
      1. Review FortiSASE documentation, namely the 4-D FortiSASE Endpoint Management Deployment Guide, for details on configuring endpoint management features.
      2. Purchase an Advanced, Professional, or Comprehensive license and use Assisted Onboarding. See FortiSASE Support Services in the FortiSASE Ordering Guide.
      3. Perform the configuration in FortiSASE by logging in with the root principal email.
    • If you want Fortinet to perform the endpoint management configuration in FortiSASE, purchase Fortinet Professional Services. See FortiSASE Support Services in the FortiSASE Ordering Guide.
    Previous
    Next