Fortinet black logo

Administration Guide

FortiGate and EMS integration

FortiGate and EMS integration

In this configuration, FortiClient Telemetry connects to FortiGate to confirm compliance. NAC and compliance are supported. FortiClient Telemetry also connects to EMS to receive a profile of configuration information. This configuration is sometimes called integrated mode.

FortiGate does not provide configuration information for FortiClient and the endpoint. Endpoint users must manually configure FortiClient or an administrator must configure FortiClient using an EMS endpoint profile.

Following is a summary of how the FortiClient Telemetry connection works in integrated mode:

  • FortiClient Telemetry connects to FortiGate. This is the Fabric Telemetry connection.
  • FortiClient Telemetry connects to EMS. This is the Management Telemetry connection.
  • FortiClient connects to FortiGate. Depending on the FortiGate configuration, one of the following happens:
    • FortiGate considers the endpoint compliant if FortiClient is installed and is being managed by the EMS server authorized in FortiOS.
    • FortiClient receives a profile of specific compliance rules from the FortiGate.
  • FortiClient receives a profile of configuration information from EMS.

Administrators should ensure the configuration information from EMS matches the compliance rules set on FortiGate to avoid conflicting settings.

EMS can also import a profile from FortiOS, then push it to FortiClient.

FortiGate and EMS integration

In this configuration, FortiClient Telemetry connects to FortiGate to confirm compliance. NAC and compliance are supported. FortiClient Telemetry also connects to EMS to receive a profile of configuration information. This configuration is sometimes called integrated mode.

FortiGate does not provide configuration information for FortiClient and the endpoint. Endpoint users must manually configure FortiClient or an administrator must configure FortiClient using an EMS endpoint profile.

Following is a summary of how the FortiClient Telemetry connection works in integrated mode:

  • FortiClient Telemetry connects to FortiGate. This is the Fabric Telemetry connection.
  • FortiClient Telemetry connects to EMS. This is the Management Telemetry connection.
  • FortiClient connects to FortiGate. Depending on the FortiGate configuration, one of the following happens:
    • FortiGate considers the endpoint compliant if FortiClient is installed and is being managed by the EMS server authorized in FortiOS.
    • FortiClient receives a profile of specific compliance rules from the FortiGate.
  • FortiClient receives a profile of configuration information from EMS.

Administrators should ensure the configuration information from EMS matches the compliance rules set on FortiGate to avoid conflicting settings.

EMS can also import a profile from FortiOS, then push it to FortiClient.