Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • EMS Administration Guide

    Home FortiClient 7.2.3 EMS Administration Guide
    7.2.3
    7.4.1
    7.4.0
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.9
    6.4.8
    6.4.7
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.8
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0

    AD connector

    AD connector

    You can configure an Active Directory (AD) connector that acts as a proxy between the AD server and EMS.

    The following shows an example environment, which consists of the following virtual machines (VM):

    • VM1: EMS
    • VM2: AD server (ems104.com)
    • VM3: AD connector

    In this example, VM2 is connected to a local network with an IP address of 192.168.178.13/24. EMS is connected to a public network with an IP address of 10.71.5.77/24. In this scenario, when you attempt to add the AD server as an authentication server in Administration > Authentication Servers in EMS, it cannot reach the AD server. The AD connector solves this problem. The AD connector has the following network adapters:

    Adapter

    IP address

    Adapter connector

    192.168.78.14

    Adapter data

    192.168.1.105

    Default gateway

    192.168.1.1

    The gateway for adapter data is 192.168.1.1, which is a FortiGate that is connected to the Internet. The AD server cannot directly connect to EMS. EMS cannot access the AD server. The connector serves as a proxy to add the AD server to EMS.

    To configure the AD connector:
    1. Add an API key:
      1. In EMS, go to Administration > Authentication Servers.
      2. Click Connectors.
      3. Click API Keys, then Add. Add a new API key.

    2. Create the AD connector:
      1. You can install the AD connector in a host that EMS and the AD server can reach. On the host machine, from the EMS installation package, run FortiClientEndpointManagementServerADConnector_7.2.3.XXXX_x64.msi.
      2. In the Connect to EMS Configuration dialog, enter the EMS IP address, fully qualified domain name, or account ID in the EMS IP/FQDN/Account ID field.
      3. In the EMS Port field, enter the port number.
      4. In the Connector UID field, enter the desired AD connector UID. Entering a meaningful string to help identify the AD connector is recommended. Do not leave this field blank.
      5. In the Connector Api Key field, enter the API key value.
      6. Click Add Site, and enter the EMS site information. Ensure that a Connection established message displays, then click Next.

    3. Go to Administration > Authentication Servers > Connectors to confirm that you successfully created an AD connector.
    4. Go to Administration > Authentication Servers.
    5. Enable Use Connector.
    6. From the Connector dropdown list, select the AD connector.
    7. Save the configuration. EMS successfully adds the AD server as an authentication server.

    Previous
    Next

    AD connector

    AD connector

    You can configure an Active Directory (AD) connector that acts as a proxy between the AD server and EMS.

    The following shows an example environment, which consists of the following virtual machines (VM):

    • VM1: EMS
    • VM2: AD server (ems104.com)
    • VM3: AD connector

    In this example, VM2 is connected to a local network with an IP address of 192.168.178.13/24. EMS is connected to a public network with an IP address of 10.71.5.77/24. In this scenario, when you attempt to add the AD server as an authentication server in Administration > Authentication Servers in EMS, it cannot reach the AD server. The AD connector solves this problem. The AD connector has the following network adapters:

    Adapter

    IP address

    Adapter connector

    192.168.78.14

    Adapter data

    192.168.1.105

    Default gateway

    192.168.1.1

    The gateway for adapter data is 192.168.1.1, which is a FortiGate that is connected to the Internet. The AD server cannot directly connect to EMS. EMS cannot access the AD server. The connector serves as a proxy to add the AD server to EMS.

    To configure the AD connector:
    1. Add an API key:
      1. In EMS, go to Administration > Authentication Servers.
      2. Click Connectors.
      3. Click API Keys, then Add. Add a new API key.

    2. Create the AD connector:
      1. You can install the AD connector in a host that EMS and the AD server can reach. On the host machine, from the EMS installation package, run FortiClientEndpointManagementServerADConnector_7.2.3.XXXX_x64.msi.
      2. In the Connect to EMS Configuration dialog, enter the EMS IP address, fully qualified domain name, or account ID in the EMS IP/FQDN/Account ID field.
      3. In the EMS Port field, enter the port number.
      4. In the Connector UID field, enter the desired AD connector UID. Entering a meaningful string to help identify the AD connector is recommended. Do not leave this field blank.
      5. In the Connector Api Key field, enter the API key value.
      6. Click Add Site, and enter the EMS site information. Ensure that a Connection established message displays, then click Next.

    3. Go to Administration > Authentication Servers > Connectors to confirm that you successfully created an AD connector.
    4. Go to Administration > Authentication Servers.
    5. Enable Use Connector.
    6. From the Connector dropdown list, select the AD connector.
    7. Save the configuration. EMS successfully adds the AD server as an authentication server.

    Previous
    Next