The following deployment options for FortiClient EMS are supported: standalone or integrated with FortiGate.
In standalone mode, a FortiGate is not required. In standalone mode, EMS deploys FortiClient software on endpoints, and FortiClient endpoints connect FortiClient Telemetry to EMS to receive configuration information from EMS. EMS also sends compliance verification rules to FortiClient, and use the results from FortiClient to dynamically group endpoints in EMS. EMS is used to deploy, configure, and monitor FortiClient endpoints.
In integrated mode, a FortiGate is required, and NAC is supported. In this scenario, FortiClient Telemetry connects to EMS to receive a profile of configuration information as part of an endpoint policy and to FortiGate to participate in the Fortinet Security Fabric. The FortiGate can also receive dynamic endpoint group lists from EMS and use them to build dynamic firewall policies. Depending on the EMS compliance verification rules and policies configured in FortiOS, the FortiClient endpoint may be blocked from accessing the network.