EMS supports the following deployment options:
Standalone mode does not require a FortiGate and does not support network access control (NAC). In standalone mode, EMS deploys FortiClient software on endpoints, and FortiClient endpoints connect Telemetry to EMS to receive configuration information from EMS. In standalone mode, you use EMS to deploy, configure, and monitor FortiClient endpoints.
Integrated with FortiGate
Integrated mode requires a FortiGate and supports NAC. In integrated mode, EMS deploys FortiClient software on endpoints, and FortiClient endpoints connect Telemetry to the FortiGate to receive compliance rules. FortiClient endpoints also connect to EMS to be managed. After FortiClient endpoints are connected, compliance rules are downloaded from FortiGate to the endpoint. EMS might also push a profile of FortiClient configuration information to endpoints. FortiClient endpoints are now managed, and NAC is enforced.
FortiClient uses the compliance rules from FortiGate to communicate whether the endpoint is compliant. If an endpoint fails to meet the compliance rules, the steps required to remain compliant are communicated. For more information, see the FortiClient 6.0.8 Administration Guide.