Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    Home FortiADC 7.2.1 CLI Reference
    7.2.1
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.1.4
    7.1.3
    7.1.2
    7.1.1
    7.1.0
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.1.6
    6.1.5
    6.1.4
    6.1.3
    6.1.2
    6.1.1
    6.1.0
    6.0.2
    6.0.1
    6.0.0
    5.4.5
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.3.0
    4.8.1
    4.7.0

    config endpoint-control fctems

    config endpoint-control fctems

    Use this command to configure FortiClient Endpoint Management Server (EMS) connector entries.

    It is recommended to configure the FortiClient EMS connector entries from the GUI. For more information, see the FortiADC Handbook on the FortiClient EMS Connector.

    The FortiADC Security Fabric device can link to FortiClient Endpoint Management Server (EMS) for endpoint connectors. Up to three EMS servers can be added to the Security Fabric. EMS settings are synchronized between all Fabric members. Once the FortiADC is authorized as a Fabric device in FortiClient EMS, FortiClient EMS automatically synchronizes ZTNA tags, the EMS CA certificate, and FortiClient endpoint information to the FortiADC.

    The FortiClient EMS connector is an integral part of the Zero Trust Network Access (ZTNA) functionality. For more information, see the FortiADC Handbook on ZTNA and How device identity and trust context is established with FortiClient EMS.

    After you complete the configuration with the config endpoint-control fctems command, you must verify the EMS server certificate to authorize the FortiADC as a Fabric Device in FortiClient EMS. To verify the EMS server certificate, use the execute fctems verify command. For details, see execute fctems.

    Once the FortiADC is authorized as a Fabric device in FortiClient EMS, FortiClient EMS automatically synchronizes ZTNA tags, the EMS CA certificate, and FortiClient endpoint information to the FortiADC.

    Requirements:

    • FortiClient EMS running version 7.0.3 or later

    • FortiClient running 7.0.1 or later

    • FortiADC hardware, VM, or cloud platform that support FortiClient EMS.

      FortiClient EMS is supported in most FortiADC platforms but not all of them. The following lists the hardware models, cloud platforms, and VM environments that support FortiClient EMS.

      Hardware models:

      • FAD-120F, FAD-220F, FAD-300F, FAD-400F, FAD-1200F, FAD-2200F, FAD-4200F, FAD-5000F

      Cloud platforms with BYOL (PAYG FortiADC does not support FortiClient EMS):

      • AWS (Amazon Web Services), Microsoft Azure, GCP (Google Cloud Platform), OCI (Oracle Cloud Infrastructure), Alibaba Cloud

      VM environments:

      • VMware, Microsoft Hyper-V, KVM, Citrix Xen, Xen Project Hypervisor
        Note: The most recent certificate embedded license is required. If your license was issued prior to April 2021, please obtain a new certificate embedded license for your VM through Fortinet Customer Service & Support.

    • Read-Write access permission for FortiADC Systems settings

    Syntax

    config endpoint-control fctems

    edit <name>

    set server {string}

    set https-port {integer}

    set capabilities {option1}, {option2}, ...

    set call-timeout {integer}

    set preserve-ssl-session {enable|disable}

    next

    end

    server

    Server IPv4 address or the domain name of the FortiClient EMS FQDN. For example: 192.0.2.1

    https-port

    		 FortiClient EMS HTTPS access port number. Range: 1-65535, default: 443.

    capabilities

    List of EMS capabilities.

    Note: This option is only available in CLI.

    call-timeout

    FortiClient EMS call timeout in seconds. Range: 1-180, default: 30.

    Note: This option is only available in CLI.

    preserve-ssl-session

    Enable/disable preservation of EMS SSL session connection. This is disabled by default.

    Note: This option is only available in CLI.

    Warning: Most users should not touch this setting.

    Example

    config endpoint-control fctems

    edit "EMS-223"

    set server 10.106.3.223

    set https-port 443

    unset capabilities

    set call-timeout 30

    set preserve-ssl-session disable

    next

    end

    Previous
    Next

    config endpoint-control fctems

    config endpoint-control fctems

    Use this command to configure FortiClient Endpoint Management Server (EMS) connector entries.

    It is recommended to configure the FortiClient EMS connector entries from the GUI. For more information, see the FortiADC Handbook on the FortiClient EMS Connector.

    The FortiADC Security Fabric device can link to FortiClient Endpoint Management Server (EMS) for endpoint connectors. Up to three EMS servers can be added to the Security Fabric. EMS settings are synchronized between all Fabric members. Once the FortiADC is authorized as a Fabric device in FortiClient EMS, FortiClient EMS automatically synchronizes ZTNA tags, the EMS CA certificate, and FortiClient endpoint information to the FortiADC.

    The FortiClient EMS connector is an integral part of the Zero Trust Network Access (ZTNA) functionality. For more information, see the FortiADC Handbook on ZTNA and How device identity and trust context is established with FortiClient EMS.

    After you complete the configuration with the config endpoint-control fctems command, you must verify the EMS server certificate to authorize the FortiADC as a Fabric Device in FortiClient EMS. To verify the EMS server certificate, use the execute fctems verify command. For details, see execute fctems.

    Once the FortiADC is authorized as a Fabric device in FortiClient EMS, FortiClient EMS automatically synchronizes ZTNA tags, the EMS CA certificate, and FortiClient endpoint information to the FortiADC.

    Requirements:

    • FortiClient EMS running version 7.0.3 or later

    • FortiClient running 7.0.1 or later

    • FortiADC hardware, VM, or cloud platform that support FortiClient EMS.

      FortiClient EMS is supported in most FortiADC platforms but not all of them. The following lists the hardware models, cloud platforms, and VM environments that support FortiClient EMS.

      Hardware models:

      • FAD-120F, FAD-220F, FAD-300F, FAD-400F, FAD-1200F, FAD-2200F, FAD-4200F, FAD-5000F

      Cloud platforms with BYOL (PAYG FortiADC does not support FortiClient EMS):

      • AWS (Amazon Web Services), Microsoft Azure, GCP (Google Cloud Platform), OCI (Oracle Cloud Infrastructure), Alibaba Cloud

      VM environments:

      • VMware, Microsoft Hyper-V, KVM, Citrix Xen, Xen Project Hypervisor
        Note: The most recent certificate embedded license is required. If your license was issued prior to April 2021, please obtain a new certificate embedded license for your VM through Fortinet Customer Service & Support.

    • Read-Write access permission for FortiADC Systems settings

    Syntax

    config endpoint-control fctems

    edit <name>

    set server {string}

    set https-port {integer}

    set capabilities {option1}, {option2}, ...

    set call-timeout {integer}

    set preserve-ssl-session {enable|disable}

    next

    end

    server

    Server IPv4 address or the domain name of the FortiClient EMS FQDN. For example: 192.0.2.1

    https-port

    		 FortiClient EMS HTTPS access port number. Range: 1-65535, default: 443.

    capabilities

    List of EMS capabilities.

    Note: This option is only available in CLI.

    call-timeout

    FortiClient EMS call timeout in seconds. Range: 1-180, default: 30.

    Note: This option is only available in CLI.

    preserve-ssl-session

    Enable/disable preservation of EMS SSL session connection. This is disabled by default.

    Note: This option is only available in CLI.

    Warning: Most users should not touch this setting.

    Example

    config endpoint-control fctems

    edit "EMS-223"

    set server 10.106.3.223

    set https-port 443

    unset capabilities

    set call-timeout 30

    set preserve-ssl-session disable

    next

    end

    Previous
    Next