Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

EMS Administration Guide

Windows, macOS, and Linux endpoint licenses

The following are the latest license bundles for FortiClient EMS:

License name

Description

Endpoint Protection Platform (EPP)

Full license that offers all FortiClient features. Includes all features detailed for the Zero Trust Network Access (ZTNA) license, as well as antivirus (AV), antiransomware, antiexploit, cloud-based malware detection, Application Firewall, software inventory, and advanced threat protection via FortiClient Cloud Sandbox.

Zero Trust Network Access

Includes support for Fabric Agent for endpoint telemetry, security posture check via ZTNA tagging, remote access (SSL and IPsec VPN), Vulnerability Scan, Web Filter, threat protection via Sandbox (appliance only) and USB device control.

Each purchased ZTNA license allows management of one FortiClient Windows, macOS, Linux, iOS, Android, or Chromebook endpoint. You must purchase a minimum of 25 endpoint licenses, and you can have these EMS licenses for a maximum five year term. You can specify the number of endpoints and the term duration at time of purchase.

If there is no ZTNA license applied to EMS, no endpoints can register to EMS.

You can purchase different number of EPP and ZTNA licenses. For example, you can purchase 100 EPP licenses and 200 ZTNA licenses. EMS applies licenses to endpoints based on the features that are enabled in the endpoint's assigned profile.

The following shows a more comprehensive comparison between the features included in the EPP and ZTNA licenses:

Feature

EPP

ZTNA

Zero Trust Security

Zero Trust Agent

Yes

Yes

Central management via EMS

Yes

Yes

Dynamic Security Fabric connector

Yes

Yes

Vulnerability agent and remediation

Yes

Yes

SSL VPN with multifactor authentication (MFA)

Yes

Yes

IPsec VPN with MFA

Yes

Yes

Sandbox appliance

Yes

Yes

Next Generation Endpoint Security

AI-powered next generation AV

Yes

 

FortiClient Cloud Sandbox

Yes

 

Automated endpoint quarantine

Yes

 

Application inventory

Yes

 

Application Firewall

Yes

 

Software Inventory

Yes

 

You must purchase a license for each registered endpoint.

Windows, macOS, and Linux endpoint licenses

The following are the latest license bundles for FortiClient EMS:

License name

Description

Endpoint Protection Platform (EPP)

Full license that offers all FortiClient features. Includes all features detailed for the Zero Trust Network Access (ZTNA) license, as well as antivirus (AV), antiransomware, antiexploit, cloud-based malware detection, Application Firewall, software inventory, and advanced threat protection via FortiClient Cloud Sandbox.

Zero Trust Network Access

Includes support for Fabric Agent for endpoint telemetry, security posture check via ZTNA tagging, remote access (SSL and IPsec VPN), Vulnerability Scan, Web Filter, threat protection via Sandbox (appliance only) and USB device control.

Each purchased ZTNA license allows management of one FortiClient Windows, macOS, Linux, iOS, Android, or Chromebook endpoint. You must purchase a minimum of 25 endpoint licenses, and you can have these EMS licenses for a maximum five year term. You can specify the number of endpoints and the term duration at time of purchase.

If there is no ZTNA license applied to EMS, no endpoints can register to EMS.

You can purchase different number of EPP and ZTNA licenses. For example, you can purchase 100 EPP licenses and 200 ZTNA licenses. EMS applies licenses to endpoints based on the features that are enabled in the endpoint's assigned profile.

The following shows a more comprehensive comparison between the features included in the EPP and ZTNA licenses:

Feature

EPP

ZTNA

Zero Trust Security

Zero Trust Agent

Yes

Yes

Central management via EMS

Yes

Yes

Dynamic Security Fabric connector

Yes

Yes

Vulnerability agent and remediation

Yes

Yes

SSL VPN with multifactor authentication (MFA)

Yes

Yes

IPsec VPN with MFA

Yes

Yes

Sandbox appliance

Yes

Yes

Next Generation Endpoint Security

AI-powered next generation AV

Yes

 

FortiClient Cloud Sandbox

Yes

 

Automated endpoint quarantine

Yes

 

Application inventory

Yes

 

Application Firewall

Yes

 

Software Inventory

Yes

 

You must purchase a license for each registered endpoint.