Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • EMS Administration Guide

    Home FortiClient 7.4.1 EMS Administration Guide
    7.4.1
    7.4.1
    7.4.0
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.9
    6.4.8
    6.4.7
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.8
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0

    Appendix A - FortiClient EMS services

    Appendix A - FortiClient EMS services

    The following lists FortiClient EMS services:

    Critical severity

    Service

    Description
    apache2 Serves the EMS administration console and the APIs that FortiOS uses to get endpoint and posture information.
    fcems_chromebook Processes requests and serves profiles to Chromebook endpoints.
    fcems_das Allows most processes to access and cache endpoint-related data. When this service is down, processing requests from endpoints results in error.
    fcems_ecsocksrv Receives connections from endpoints and routes their requests to other processes within EMS. If this process is down, endpoints cannot communicate with EMS.
    fcems_ka Processes heartbeat requests from endpoints and pushes profile changes and commands to be executed on the endpoints (vuln scan, AV scan, etc.)
    fcems_monitor Ensures EMS services are running and restarts ones that are down. It also can restart running services when it detects settings that affect those services have changed to ensure they use the latest settings.
    fcems_notify Notifies FortiOS when there are important changes in the endpoints.
    fcems_pgbouncer Database connection pooler. This is where all EMS processes except apache2 connect to to connect to the database.
    fcems_probe Handles probe requests, which are tests that endpoints perform to ensure they are talking to a supported EMS. When this service is down, new endpoints cannot connect to EMS and existing endpoints cannot reconnect.
    fcems_reg Handles registration requests from endpoints.
    fcems_tag Processes network change requests from endpoints. When down, network changes that affect the endpoint's posture may take longer for EMS to realized and inform FortiOS of.
    fcems_wspgbouncer Exclusive database connection pooler for the webserver (apache2).
    fcems_ztna Provides some APIs that FortiOS consumes to get information on endpoints and posture.

    Medium severity

    Service

    Description
    fcems_adconnector Connects and pulls data from Active Directory (AD) or Microsoft Entra ID to add to EMS.
    fcems_addaemon Parses AD information and links it to existing endpoints or adds new devices, groups, and users pulled from those directories to EMS.
    fcems_adtask Performs periodical syncs to get updates from AD added to EMS.
    fcems_deploy Schedules deployment of FortiClient upgrades to eligible endpoints.
    fcems_sip Processes software inventory lists that endpoints uploads and checks for potentially unwanted applications.
    fcems_task Performs schedule tasks for license maintenance, such as removing seats from endpoints that have not connected to EMS in a long time, and other functions, such as revoking expired zero trust network access (ZTNA) certificates.
    fcems_update Downloads updates from FortiGuard distribution servers (FDS) and other Fortinet systems. This includes FortiClient installer lists and vulnerability and signature information.
    fcems_upload

    Processes data uploads from endpoints. Uploads can be any of the following:

    • Endpoint logs
    • Endpoint diagnostics
    • Software inventory
    • Alerts:
      • Web Filter
      • Antivirus
      • Firewall
    • Vulnerability Scan results
    redis Used by most other services for caching and inter-process communication.

    Low severity

    Service

    Description
    fcems_adevtsrv If syncing AD to EMS using a remote connector, this process parses the connector's requests.
    fcems_dbop Performs database-related tasks, such as site database creation, deletion, update, backup, and restore.
    fcems_forensics Integrates with the Forensics platform to pull updates from Forensics tickets associated with any of the endpoints under management.
    fcems_ftntdbimporter Decodes and imports signature and vulnerability databases downloaded from FDS.
    fcems_installer Interfaces with the FortiCloud repackaging services to generate installers with the EMS configuration.
    fcems_mdmproxy Integrates with mobile device management (MDM) platforms to exchange information about mobile endpoints.
    fcems_scep Serves ZTNA certificates for mobile endpoints that MDM platforms manage.
    Previous
    Next

    Appendix A - FortiClient EMS services

    Appendix A - FortiClient EMS services

    The following lists FortiClient EMS services:

    Critical severity

    Service

    Description
    apache2 Serves the EMS administration console and the APIs that FortiOS uses to get endpoint and posture information.
    fcems_chromebook Processes requests and serves profiles to Chromebook endpoints.
    fcems_das Allows most processes to access and cache endpoint-related data. When this service is down, processing requests from endpoints results in error.
    fcems_ecsocksrv Receives connections from endpoints and routes their requests to other processes within EMS. If this process is down, endpoints cannot communicate with EMS.
    fcems_ka Processes heartbeat requests from endpoints and pushes profile changes and commands to be executed on the endpoints (vuln scan, AV scan, etc.)
    fcems_monitor Ensures EMS services are running and restarts ones that are down. It also can restart running services when it detects settings that affect those services have changed to ensure they use the latest settings.
    fcems_notify Notifies FortiOS when there are important changes in the endpoints.
    fcems_pgbouncer Database connection pooler. This is where all EMS processes except apache2 connect to to connect to the database.
    fcems_probe Handles probe requests, which are tests that endpoints perform to ensure they are talking to a supported EMS. When this service is down, new endpoints cannot connect to EMS and existing endpoints cannot reconnect.
    fcems_reg Handles registration requests from endpoints.
    fcems_tag Processes network change requests from endpoints. When down, network changes that affect the endpoint's posture may take longer for EMS to realized and inform FortiOS of.
    fcems_wspgbouncer Exclusive database connection pooler for the webserver (apache2).
    fcems_ztna Provides some APIs that FortiOS consumes to get information on endpoints and posture.

    Medium severity

    Service

    Description
    fcems_adconnector Connects and pulls data from Active Directory (AD) or Microsoft Entra ID to add to EMS.
    fcems_addaemon Parses AD information and links it to existing endpoints or adds new devices, groups, and users pulled from those directories to EMS.
    fcems_adtask Performs periodical syncs to get updates from AD added to EMS.
    fcems_deploy Schedules deployment of FortiClient upgrades to eligible endpoints.
    fcems_sip Processes software inventory lists that endpoints uploads and checks for potentially unwanted applications.
    fcems_task Performs schedule tasks for license maintenance, such as removing seats from endpoints that have not connected to EMS in a long time, and other functions, such as revoking expired zero trust network access (ZTNA) certificates.
    fcems_update Downloads updates from FortiGuard distribution servers (FDS) and other Fortinet systems. This includes FortiClient installer lists and vulnerability and signature information.
    fcems_upload

    Processes data uploads from endpoints. Uploads can be any of the following:

    • Endpoint logs
    • Endpoint diagnostics
    • Software inventory
    • Alerts:
      • Web Filter
      • Antivirus
      • Firewall
    • Vulnerability Scan results
    redis Used by most other services for caching and inter-process communication.

    Low severity

    Service

    Description
    fcems_adevtsrv If syncing AD to EMS using a remote connector, this process parses the connector's requests.
    fcems_dbop Performs database-related tasks, such as site database creation, deletion, update, backup, and restore.
    fcems_forensics Integrates with the Forensics platform to pull updates from Forensics tickets associated with any of the endpoints under management.
    fcems_ftntdbimporter Decodes and imports signature and vulnerability databases downloaded from FDS.
    fcems_installer Interfaces with the FortiCloud repackaging services to generate installers with the EMS configuration.
    fcems_mdmproxy Integrates with mobile device management (MDM) platforms to exchange information about mobile endpoints.
    fcems_scep Serves ZTNA certificates for mobile endpoints that MDM platforms manage.
    Previous
    Next