Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    EMS QuickStart Guide

    Home FortiClient 7.4.5 EMS QuickStart Guide
    7.4.5
    7.4.5
    7.4.4
    7.4.3
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.9
    6.4.8
    6.4.7
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.8
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0

    Installing EMS in standalone mode with a local DB

    Installing EMS in standalone mode with a local DB

    The following provides instructions for installing EMS in standalone mode with a local database and assumes that you have a machine with Linux installed. You can install EMS in other scenarios, such as high availability, with a remote database, and so on. See Installation.

    Installing EMS on Red Hat Enterprise Linux (RHEL) requires an active Red Hat subscription.
    To install standalone EMS:
    1. Download the forticlientems_7.4.5.2111.M.arm64.bin or forticlientems_7.4.5.2111.M.amd64.bin file from the Fortinet Support site.
    2. Run sudo -i to log in to the shell with root privileges.
    3. Change permissions and add execute permissions to the installation file:

      chmod +x forticlientems_7.4.5.2111.M.XXX64.bin

    4. Set umask to 022 if the existing umask setting is more restrictive.

    5. If you are installing EMS on Red Hat Enterprise Linux (RHEL) 9, do one of the following. :

      • If you are installing EMS on RHEL on Azure, run the following:
        sudo dnf repolist enabled

        Verify if codeready-builder-for-rhel-9-x86_64-eus-rhui-rpms is in the list. If it is in the list, it is enabled. If it is not in the list, then run the following:

        sudo subscription-manager repos --enable codeready-builder-for-rhel-9-x86_64-eus-rhui-rpms

        Run the following commands:

        sudo dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-$(rpm -E %rhel)-$(uname -m)/pgdg-redhat-repo-latest.noarch.rpm
sudo dnf config-manager --disable pgdg17 pgdg16
sudo dnf install -y https://rpms.remirepo.net/enterprise/remi-release-$(rpm -q --qf "%{VERSION}\n" redhat-release).rpm
sudo curl -o /etc/pki/rpm-gpg/RPM-GPG-KEY-remi2021 https://rpms.remirepo.net/RPM-GPG-KEY-remi2021
sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-remi2021
sudo ln -sf /etc/pki/rpm-gpg/RPM-GPG-KEY-remi2021 /etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el$(rpm -q --qf "%{VERSION}\n" redhat-release)

      • If you are installing EMS on RHEL on AWS, run the following command:

        sudo dnf config-manager --set-enabled codeready-builder-for-rhel-9-rhui-rpms
    6. Run the following command to install EMS:

      ./forticlientems_7.4.5.2111.M.XXX64.bin -- --allowed_hosts '*' --enable_remote_https

      Run the installer to and from any directory other than /tmp. Running the installer to or from /tmp causes issues.

    7. After installation completes, check that all EMS services are running by entering the following command:

      systemctl --all --type=service | grep -E 'fcems|apache|redis|postgres'

      The output shows that postgresql.service status displays as exited. This is the expected status. EMS does not create this service, which only exists to pass commands to version-specific Postgres services. It displays as part of the output as the command filters for all services that contain "postgres" in the name.

    8. Access the EMS GUI and log in.
    9. If after initially installing EMS 7.4.5 you need to upgrade to a newer build, repeat the process with the new installation file.

    Configuring the IP address

    After deploying EMS in standalone mode, you may want to configure the IP address. Refer to one of the following procedures, depending on your platform.

    An alternative way to configure the IP address is using the emscli tool:

    Ubuntu:

    On Ubuntu, you configure the IP address by modifying the Netplan configuration files.

    1. On the Ubuntu machine, locate the Netplan configuration files. Ubuntu stores Netplan configuration files in /etc/netplan. The files typically have a .yaml extension, such as 01-netcfg.yaml or 50-cloud-init.yaml. Run the following to list the files:
      ls /etc/netplan/
    2. Use a text editor such as nano or vim to open the yaml file for editing:
      sudo nano /etc/netplan/01-netcfg.yaml
    3. In the yaml file, find the section for your desired network interface. Do one of the following:
      • If you are using a static IP address, modify the file, setting addresses with your desired static IP address and subnet mask. Update the IP address under routes: - to: default via: with your desired gateway, and modify nameservers with search domains as needed. The following provides an example configuration where the static IP address is 192.168.1.100/24:
        network:
    version: 2
    renderer: networkd
    ethernets:
        enp3s0:
            addresses:
                - 192.168.1.100/24
            nameservers:
                addresses: [8.8.8.8, 1.1.1.1]
		 search: [mydomain1.local, mydomain2.local]
            routes:
                - to: default
                  via: 192.168.1.1
      • If you are using DHCP, ensure that dhcp4 is set to yes. The following provides an example configuration:
        network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s3:
      dhcp4: yes
    4. Before applying the changes permanently, run the following to test the configuration. This command temporarily applies the configuration and gives you 120 seconds to confirm the changes. If the configuration does not work, it rolls back automatically.
      sudo netplan try
    5. If the test succeeds, apply the changes permanently:
      sudo netplan apply
    6. To verify the configuration, check that the IP address is updated as you configured:
      ip addr show

    RHEL:

    You can utilize several methods to configure a network interface with a static IP address on Red Hat Enterprise Linux (RHEL) 9. The following approach uses the nmcli command-line tool, which allows you to manage network connections from the command line.

    1. Run the following command to list all network interfaces and identify the one you want to configure:

      nmcli device status

    2. Modify the connection using the following command (this example modifies the interface enp0s3):

      sudo nmcli con mod 'enp0s3' ipv4.method manual ipv4.addresses 192.168.1.100/24 ipv4.gateway 192.168.1.1 ipv4.dns "8.8.8.8 8.8.4.4"

      Replace enp0s3 with your actual interface name and adjust the IP address, gateway, and DNS servers as per your network configuration.

    3. Apply the network interface changes by restarting the connection using the following command:

      sudo nmcli con down 'enp0s3' && sudo nmcli con up 'enp0s3'

    4. Verify the IP configuration using the following commands:

      ip addr show enp0s3
ip route show

    CentOS:

    To configure the IP address on CentOS:

    1. Run the following command to list all network interfaces and identify the one you want to configure:

      nmcli connection show

    2. Modify the connection to set a static IP address using the following commands (this example modifies the interface enp0s3):

      sudo nmcli connection modify enp0s3 \
ipv4.method manual \
ipv4.addresses 192.168.1.100/24 \
ipv4.gateway 192.168.1.1 \
ipv4.dns "8.8.8.8 8.8.4.4" \
connection.autoconnect yes

      Replace enp0s3 with your actual interface name and adjust the IP address, gateway, and DNS servers as per your network configuration.

    3. Apply the network interface changes by restarting the connection using the following command:

      sudo nmcli connection down enp0s3 && sudo nmcli connection up enp0s3

    4. Verify the IP configuration using the following commands:

      ip addr show enp0s3
ip route show
    Previous
    Next

    Installing EMS in standalone mode with a local DB

    Installing EMS in standalone mode with a local DB

    The following provides instructions for installing EMS in standalone mode with a local database and assumes that you have a machine with Linux installed. You can install EMS in other scenarios, such as high availability, with a remote database, and so on. See Installation.

    Installing EMS on Red Hat Enterprise Linux (RHEL) requires an active Red Hat subscription.
    To install standalone EMS:
    1. Download the forticlientems_7.4.5.2111.M.arm64.bin or forticlientems_7.4.5.2111.M.amd64.bin file from the Fortinet Support site.
    2. Run sudo -i to log in to the shell with root privileges.
    3. Change permissions and add execute permissions to the installation file:

      chmod +x forticlientems_7.4.5.2111.M.XXX64.bin

    4. Set umask to 022 if the existing umask setting is more restrictive.

    5. If you are installing EMS on Red Hat Enterprise Linux (RHEL) 9, do one of the following. :

      • If you are installing EMS on RHEL on Azure, run the following:
        sudo dnf repolist enabled

        Verify if codeready-builder-for-rhel-9-x86_64-eus-rhui-rpms is in the list. If it is in the list, it is enabled. If it is not in the list, then run the following:

        sudo subscription-manager repos --enable codeready-builder-for-rhel-9-x86_64-eus-rhui-rpms

        Run the following commands:

        sudo dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-$(rpm -E %rhel)-$(uname -m)/pgdg-redhat-repo-latest.noarch.rpm
sudo dnf config-manager --disable pgdg17 pgdg16
sudo dnf install -y https://rpms.remirepo.net/enterprise/remi-release-$(rpm -q --qf "%{VERSION}\n" redhat-release).rpm
sudo curl -o /etc/pki/rpm-gpg/RPM-GPG-KEY-remi2021 https://rpms.remirepo.net/RPM-GPG-KEY-remi2021
sudo rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-remi2021
sudo ln -sf /etc/pki/rpm-gpg/RPM-GPG-KEY-remi2021 /etc/pki/rpm-gpg/RPM-GPG-KEY-remi.el$(rpm -q --qf "%{VERSION}\n" redhat-release)

      • If you are installing EMS on RHEL on AWS, run the following command:

        sudo dnf config-manager --set-enabled codeready-builder-for-rhel-9-rhui-rpms
    6. Run the following command to install EMS:

      ./forticlientems_7.4.5.2111.M.XXX64.bin -- --allowed_hosts '*' --enable_remote_https

      Run the installer to and from any directory other than /tmp. Running the installer to or from /tmp causes issues.

    7. After installation completes, check that all EMS services are running by entering the following command:

      systemctl --all --type=service | grep -E 'fcems|apache|redis|postgres'

      The output shows that postgresql.service status displays as exited. This is the expected status. EMS does not create this service, which only exists to pass commands to version-specific Postgres services. It displays as part of the output as the command filters for all services that contain "postgres" in the name.

    8. Access the EMS GUI and log in.
    9. If after initially installing EMS 7.4.5 you need to upgrade to a newer build, repeat the process with the new installation file.

    Configuring the IP address

    After deploying EMS in standalone mode, you may want to configure the IP address. Refer to one of the following procedures, depending on your platform.

    An alternative way to configure the IP address is using the emscli tool:

    Ubuntu:

    On Ubuntu, you configure the IP address by modifying the Netplan configuration files.

    1. On the Ubuntu machine, locate the Netplan configuration files. Ubuntu stores Netplan configuration files in /etc/netplan. The files typically have a .yaml extension, such as 01-netcfg.yaml or 50-cloud-init.yaml. Run the following to list the files:
      ls /etc/netplan/
    2. Use a text editor such as nano or vim to open the yaml file for editing:
      sudo nano /etc/netplan/01-netcfg.yaml
    3. In the yaml file, find the section for your desired network interface. Do one of the following:
      • If you are using a static IP address, modify the file, setting addresses with your desired static IP address and subnet mask. Update the IP address under routes: - to: default via: with your desired gateway, and modify nameservers with search domains as needed. The following provides an example configuration where the static IP address is 192.168.1.100/24:
        network:
    version: 2
    renderer: networkd
    ethernets:
        enp3s0:
            addresses:
                - 192.168.1.100/24
            nameservers:
                addresses: [8.8.8.8, 1.1.1.1]
		 search: [mydomain1.local, mydomain2.local]
            routes:
                - to: default
                  via: 192.168.1.1
      • If you are using DHCP, ensure that dhcp4 is set to yes. The following provides an example configuration:
        network:
  version: 2
  renderer: networkd
  ethernets:
    enp0s3:
      dhcp4: yes
    4. Before applying the changes permanently, run the following to test the configuration. This command temporarily applies the configuration and gives you 120 seconds to confirm the changes. If the configuration does not work, it rolls back automatically.
      sudo netplan try
    5. If the test succeeds, apply the changes permanently:
      sudo netplan apply
    6. To verify the configuration, check that the IP address is updated as you configured:
      ip addr show

    RHEL:

    You can utilize several methods to configure a network interface with a static IP address on Red Hat Enterprise Linux (RHEL) 9. The following approach uses the nmcli command-line tool, which allows you to manage network connections from the command line.

    1. Run the following command to list all network interfaces and identify the one you want to configure:

      nmcli device status

    2. Modify the connection using the following command (this example modifies the interface enp0s3):

      sudo nmcli con mod 'enp0s3' ipv4.method manual ipv4.addresses 192.168.1.100/24 ipv4.gateway 192.168.1.1 ipv4.dns "8.8.8.8 8.8.4.4"

      Replace enp0s3 with your actual interface name and adjust the IP address, gateway, and DNS servers as per your network configuration.

    3. Apply the network interface changes by restarting the connection using the following command:

      sudo nmcli con down 'enp0s3' && sudo nmcli con up 'enp0s3'

    4. Verify the IP configuration using the following commands:

      ip addr show enp0s3
ip route show

    CentOS:

    To configure the IP address on CentOS:

    1. Run the following command to list all network interfaces and identify the one you want to configure:

      nmcli connection show

    2. Modify the connection to set a static IP address using the following commands (this example modifies the interface enp0s3):

      sudo nmcli connection modify enp0s3 \
ipv4.method manual \
ipv4.addresses 192.168.1.100/24 \
ipv4.gateway 192.168.1.1 \
ipv4.dns "8.8.8.8 8.8.4.4" \
connection.autoconnect yes

      Replace enp0s3 with your actual interface name and adjust the IP address, gateway, and DNS servers as per your network configuration.

    3. Apply the network interface changes by restarting the connection using the following command:

      sudo nmcli connection down enp0s3 && sudo nmcli connection up enp0s3

    4. Verify the IP configuration using the following commands:

      ip addr show enp0s3
ip route show
    Previous
    Next