Fortinet white logo
Fortinet white logo

EMS Administration Guide

Adding endpoints

Adding endpoints

Adding endpoints using an AD domain server

You can manually import endpoints from an AD server. You can import and synchronize information about computer accounts with an LDAP or LDAPS service. You can add endpoints by identifying endpoints that are part of an AD domain server.

The LDAP connection is read-only.

A video on how to add a domain is available in the Fortinet Video Library.

You can add the entire domain or an OU from the domain.

EMS does not support importing subdomains if you have already imported the parent domain in to EMS.

To add endpoints using an AD domain server:
  1. Go to Endpoints > Manage Domains > Add. The Domain pane displays.
  2. Configure the following options:

    IP address/Hostname

    Enter the domain server IP address or hostname.

    Port

    Enter the port number.

    Distinguished name

    Enter the distinguished name (DN) (optional). You must use only capital letters when configuring the DN. You cannot import domains and OUs that have a DN with more than 256 characters.

    Bind type

    Select the bind type: Simple, Anonymous, or Regular. When you select Regular, you must enter the Username and Password.

    Username

    Available when Bind type is set to Regular. Enter the username.

    Password

    Available when Bind type is set to Regular. Enter the user password.

    Show Password

    Available when Bind type is set to Regular. Turn on and off to show or hide the password.

    LDAPS connection

    Enable a secure connection protocol when Bind Type is set to Regular.

    Sync every

    Enter the sync schedule between FortiClient EMS and the domain in minutes. The default is ten minutes.

  3. Click Test to test the domain settings connection.
  4. If the test succeeds, click Save to save the new domain. If not, correct the information as required, then test the settings again.
note icon

After importing endpoints from an AD server, you can move them to custom created groups. These groups are not seen in AD and EMS does not have the ability to modify the AD server in any way. See Managing groups.

Connecting manually from FortiClient

Endpoint users can manually connect FortiClient Telemetry to FortiClient EMS by specifying the IP address for FortiClient EMS in FortiClient. This process is sometimes called registering FortiClient to FortiClient EMS.

To manually connect to EMS from FortiClient:
  1. In FortiClient on the endpoint, go to the Fabric Telemetry tab.
  2. In EMS IP field, enter the EMS IP address, and click Connect. FortiClient connects to FortiClient EMS.

For information about FortiClient, see the FortiClient Administration Guide.

Note

The FortiClient Telemetry gateway port may be appended to the gateway list address on FortiClient and separated by a colon. When the port is not provided, FortiClient attempts to connect to the IP address given using the default port. The default connection port in FortiClient 6.0 and 6.2 is 8013. By default, FortiClient EMS listens for connection on port 8013.

Note

Adding endpoints using an AD domain server is considered best practice. Connecting FortiClient to FortiClient EMS manually is only recommended for troubleshooting purposes.

Adding endpoints

Adding endpoints

Adding endpoints using an AD domain server

You can manually import endpoints from an AD server. You can import and synchronize information about computer accounts with an LDAP or LDAPS service. You can add endpoints by identifying endpoints that are part of an AD domain server.

The LDAP connection is read-only.

A video on how to add a domain is available in the Fortinet Video Library.

You can add the entire domain or an OU from the domain.

EMS does not support importing subdomains if you have already imported the parent domain in to EMS.

To add endpoints using an AD domain server:
  1. Go to Endpoints > Manage Domains > Add. The Domain pane displays.
  2. Configure the following options:

    IP address/Hostname

    Enter the domain server IP address or hostname.

    Port

    Enter the port number.

    Distinguished name

    Enter the distinguished name (DN) (optional). You must use only capital letters when configuring the DN. You cannot import domains and OUs that have a DN with more than 256 characters.

    Bind type

    Select the bind type: Simple, Anonymous, or Regular. When you select Regular, you must enter the Username and Password.

    Username

    Available when Bind type is set to Regular. Enter the username.

    Password

    Available when Bind type is set to Regular. Enter the user password.

    Show Password

    Available when Bind type is set to Regular. Turn on and off to show or hide the password.

    LDAPS connection

    Enable a secure connection protocol when Bind Type is set to Regular.

    Sync every

    Enter the sync schedule between FortiClient EMS and the domain in minutes. The default is ten minutes.

  3. Click Test to test the domain settings connection.
  4. If the test succeeds, click Save to save the new domain. If not, correct the information as required, then test the settings again.
note icon

After importing endpoints from an AD server, you can move them to custom created groups. These groups are not seen in AD and EMS does not have the ability to modify the AD server in any way. See Managing groups.

Connecting manually from FortiClient

Endpoint users can manually connect FortiClient Telemetry to FortiClient EMS by specifying the IP address for FortiClient EMS in FortiClient. This process is sometimes called registering FortiClient to FortiClient EMS.

To manually connect to EMS from FortiClient:
  1. In FortiClient on the endpoint, go to the Fabric Telemetry tab.
  2. In EMS IP field, enter the EMS IP address, and click Connect. FortiClient connects to FortiClient EMS.

For information about FortiClient, see the FortiClient Administration Guide.

Note

The FortiClient Telemetry gateway port may be appended to the gateway list address on FortiClient and separated by a colon. When the port is not provided, FortiClient attempts to connect to the IP address given using the default port. The default connection port in FortiClient 6.0 and 6.2 is 8013. By default, FortiClient EMS listens for connection on port 8013.

Note

Adding endpoints using an AD domain server is considered best practice. Connecting FortiClient to FortiClient EMS manually is only recommended for troubleshooting purposes.