FortiClient EMS

The FortiGate Security Fabric root device can link to FortiClient Endpoint Management System (EMS) and FortiClient EMS Cloud (a cloud-based EMS solution) for endpoint connectors and automation. Up to three EMS servers can be added on the global Security Fabric settings page, including one FortiClient EMS Cloud server. EMS settings are synchronized between all fabric members.

To enable cloud-based EMS services, FortiGate must be registered to FortiCloud with an appropriate user account.

Note

If you disable FortiClient Endpoint Management System (EMS) on the Security Fabric > Settings page, all previously configured EMS server entries will be deleted.

To add a FortiClient EMS server to the Security Fabric in the CLI:
config endpoint-control fctems
    edit <ems_name>
        set server <ip_address>
        set serial-number <string>
        set admin-username <string>
        set admin-password <string>
        set https-port <integer>
        set source-ip <ip_address>
    next
end

The https-port is the EMS HTTPS access port number, and the source-ip is the REST API call source IP address.

To add a FortiClient EMS Cloud server to the Security Fabric in the CLI:
  1. Enable authentication of FortiClient EMS Cloud through a FortiCloud account:
    config endpoint-control fctems
        edit <name>
            set fortinetone-cloud-authentication enable
        next
    end
  2. Create a FortiClient EMS Cloud server connection:
    config user fsso
        edit "cloud_ems_fsso_connector"
            set type fortiems-cloud
            set password ******
            set source-ip <class_ip>
        next
    end

To add both a cloud-based and an on-premise FortiClient EMS server to the Security Fabric in the GUI:
  1. To enable endpoint control, on the root FortiGate, go to System > Feature Visibility and enable Endpoint Control.
  2. Go to Security Fabric > Settings.
  3. Enable FortiClient Endpoint Management System (EMS).
  4. Add an EMS server.
  5. Set EMS Type to EMS Cloud.
  6. Enter a name, such as cloud_ems.

  7. Add another EMS server.
  8. Set EMS Type to EMS.
  9. Enter a name, such as ems136.
  10. Enter the server's IP address, admin user name, and admin password. Optionally, you can also change the HTTPS port.

  11. Click Apply.

    FortiClient EMS fabric connectors are automatically created for the EMS servers.

To test connectivity with the EMS server:
  1. Go to Security Fabric > Settings and go to the FortiClient Endpoint Management System (EMS) section.
  2. In the Connection status field, click Test Connectivity.
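
The following added example (not part of the original Fortinet page) parses the `config endpoint-control fctems` table from a configuration export and checks it against the three-server limit stated above. The sample configuration and its addresses are constructed, and treating an entry without `fortinetone-cloud-authentication enable` as on-premise, and therefore requiring `set server`, is an assumption.

```python
MAX_EMS_SERVERS = 3  # limit stated on this page
# Constructed sample in the CLI syntax shown above; names and addresses are made up.
SAMPLE = '''
config endpoint-control fctems
    edit "ems136"
        set server 192.0.2.10
        set https-port 443
    next
    edit "cloud_ems"
        set fortinetone-cloud-authentication enable
    next
    edit "ems_lab"
        set https-port 8443
    next
    edit "ems_dr"
        set server 192.0.2.20
    next
end
'''

def parse_fctems(text):
    """Return {entry_name: {option: value}} for the fctems table only."""
    entries, current, inside = {}, None, False
    for line in text.splitlines():
        tok = line.split()
        if tok[:3] == ["config", "endpoint-control", "fctems"]:
            inside = True
        elif not inside or not tok:
            continue  # ignore blank lines and every other config section
        elif tok[0] == "edit" and len(tok) > 1:
            current = entries.setdefault(tok[1].strip('"'), {})
        elif tok[0] == "set" and current is not None and len(tok) > 2:
            current[tok[1]] = " ".join(tok[2:]).strip('"')
        elif tok[0] == "next":
            current = None
        elif tok[0] == "end":
            inside = False
    return entries

def audit(entries):
    """Return findings; the on-premise/server rule is this example's assumption."""
    findings = []
    if len(entries) > MAX_EMS_SERVERS:
        findings.append(f"{len(entries)} EMS entries, page allows up to {MAX_EMS_SERVERS}")
    for name, opts in entries.items():
        cloud = opts.get("fortinetone-cloud-authentication") == "enable"
        if not cloud and "server" not in opts:
            findings.append(f"{name}: on-premise entry has no 'set server'")
    return findings
```

Calling `audit(parse_fctems(SAMPLE))` reports the fourth entry and the `ems_lab` entry that lacks a server address.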
