Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config endpoint-control fctems

Configure FortiClient Enterprise Management Server (EMS) entries.

config endpoint-control fctems

Description: Configure FortiClient Enterprise Management Server (EMS) entries.

edit <name>

set fortinetone-cloud-authentication [enable|disable]

set server {string}

set https-port {integer}

set source-ip {ipv4-address-any}

set pull-sysinfo [enable|disable]

set pull-vulnerabilities [enable|disable]

set pull-avatars [enable|disable]

set pull-tags [enable|disable]

set pull-malware-hash [enable|disable]

set cloud-server-type [production|alpha|...]

set capabilities {option1}, {option2}, ...

set call-timeout {integer}

set websocket-override [disable|enable]

set preserve-ssl-session [enable|disable]

next

end

config endpoint-control fctems

Parameter

Description

Type

Size

Default

fortinetone-cloud-authentication

Enable/disable authentication of FortiClient EMS Cloud through FortiCloud account.

option

-

disable

 

Option

Description

enable

Enable authentication of FortiClient EMS Cloud through the use of FortiCloud account.

disable

Disable authentication of FortiClient EMS Cloud through the use of FortiCloud account.

server

FortiClient EMS FQDN or IPv4 address.

string

Maximum length: 255

https-port

FortiClient EMS HTTPS access port number. .

integer

Minimum value: 1 Maximum value: 65535

443

source-ip

REST API call source IP.

ipv4-address-any

Not Specified

0.0.0.0

pull-sysinfo

Enable/disable pulling SysInfo from EMS.

option

-

enable

 

Option

Description

enable

Enable pulling FortiClient user SysInfo from EMS.

disable

Disable pulling FortiClient user SysInfo from EMS.

pull-vulnerabilities

Enable/disable pulling vulnerabilities from EMS.

option

-

enable

 

Option

Description

enable

Enable pulling client vulnerabilities from EMS.

disable

Disable pulling client vulnerabilities from EMS.

pull-avatars

Enable/disable pulling avatars from EMS.

option

-

enable

 

Option

Description

enable

Enable pulling FortiClient user avatars from EMS.

disable

Disable pulling FortiClient user avatars from EMS.

pull-tags

Enable/disable pulling FortiClient user tags from EMS.

option

-

enable

 

Option

Description

enable

Enable pulling FortiClient user tags from EMS.

disable

Disable pulling FortiClient user tags from EMS.

pull-malware-hash

Enable/disable pulling FortiClient malware hash from EMS.

option

-

enable

 

Option

Description

enable

Enable pulling FortiClient malware hash from EMS.

disable

Disable pulling FortiClient malware hash from EMS.

cloud-server-type

Cloud server type.

option

-

production

 

Option

Description

production

Production FortiClient EMS Cloud Controller.

alpha

Alpha FortiClient EMS Cloud Controller.

beta

Beta FortiClient EMS Cloud Controller.

capabilities

List of EMS capabilities.

option

-

 

Option

Description

fabric-auth

Allow this FortiGate unit to load the authentication page provided by EMS to authenticate itself with EMS.

silent-approval

Allow silent approval of non-root or FortiGate HA clusters on EMS in the Security Fabric.

websocket

Enable/disable websockets for this FortiGate unit. Override behavior using websocket-override.

websocket-malware

Allow this FortiGate unit to request malware hash notifications over websocket.

push-ca-certs

Enable/disable syncing deep inspection certificates with EMS.

call-timeout

FortiClient EMS call timeout in seconds .

integer

Minimum value: 1 Maximum value: 180

30

websocket-override

Enable/disable override behavior for how this FortiGate unit connects to EMS using a WebSocket connection.

option

-

disable

 

Option

Description

disable

Do not override the WebSocket connection. Connect to WebSocket of this EMS server if it is capable (default).

enable

Override the WebSocket connection. Do not connect to WebSocket even if EMS is capable of a WebSocket connection.

preserve-ssl-session

Enable/disable preservation of EMS SSL session connection. WARNING: Most users should not touch this setting!

option

-

disable

 

Option

Description

enable

Allow preservation of EMS SSL session connection.

disable

Don't allow preservation of EMS SSL session connection.

config endpoint-control fctems

Configure FortiClient Enterprise Management Server (EMS) entries.

config endpoint-control fctems

Description: Configure FortiClient Enterprise Management Server (EMS) entries.

edit <name>

set fortinetone-cloud-authentication [enable|disable]

set server {string}

set https-port {integer}

set source-ip {ipv4-address-any}

set pull-sysinfo [enable|disable]

set pull-vulnerabilities [enable|disable]

set pull-avatars [enable|disable]

set pull-tags [enable|disable]

set pull-malware-hash [enable|disable]

set cloud-server-type [production|alpha|...]

set capabilities {option1}, {option2}, ...

set call-timeout {integer}

set websocket-override [disable|enable]

set preserve-ssl-session [enable|disable]

next

end

config endpoint-control fctems

Parameter

Description

Type

Size

Default

fortinetone-cloud-authentication

Enable/disable authentication of FortiClient EMS Cloud through FortiCloud account.

option

-

disable

 

Option

Description

enable

Enable authentication of FortiClient EMS Cloud through the use of FortiCloud account.

disable

Disable authentication of FortiClient EMS Cloud through the use of FortiCloud account.

server

FortiClient EMS FQDN or IPv4 address.

string

Maximum length: 255

https-port

FortiClient EMS HTTPS access port number. .

integer

Minimum value: 1 Maximum value: 65535

443

source-ip

REST API call source IP.

ipv4-address-any

Not Specified

0.0.0.0

pull-sysinfo

Enable/disable pulling SysInfo from EMS.

option

-

enable

 

Option

Description

enable

Enable pulling FortiClient user SysInfo from EMS.

disable

Disable pulling FortiClient user SysInfo from EMS.

pull-vulnerabilities

Enable/disable pulling vulnerabilities from EMS.

option

-

enable

 

Option

Description

enable

Enable pulling client vulnerabilities from EMS.

disable

Disable pulling client vulnerabilities from EMS.

pull-avatars

Enable/disable pulling avatars from EMS.

option

-

enable

 

Option

Description

enable

Enable pulling FortiClient user avatars from EMS.

disable

Disable pulling FortiClient user avatars from EMS.

pull-tags

Enable/disable pulling FortiClient user tags from EMS.

option

-

enable

 

Option

Description

enable

Enable pulling FortiClient user tags from EMS.

disable

Disable pulling FortiClient user tags from EMS.

pull-malware-hash

Enable/disable pulling FortiClient malware hash from EMS.

option

-

enable

 

Option

Description

enable

Enable pulling FortiClient malware hash from EMS.

disable

Disable pulling FortiClient malware hash from EMS.

cloud-server-type

Cloud server type.

option

-

production

 

Option

Description

production

Production FortiClient EMS Cloud Controller.

alpha

Alpha FortiClient EMS Cloud Controller.

beta

Beta FortiClient EMS Cloud Controller.

capabilities

List of EMS capabilities.

option

-

 

Option

Description

fabric-auth

Allow this FortiGate unit to load the authentication page provided by EMS to authenticate itself with EMS.

silent-approval

Allow silent approval of non-root or FortiGate HA clusters on EMS in the Security Fabric.

websocket

Enable/disable websockets for this FortiGate unit. Override behavior using websocket-override.

websocket-malware

Allow this FortiGate unit to request malware hash notifications over websocket.

push-ca-certs

Enable/disable syncing deep inspection certificates with EMS.

call-timeout

FortiClient EMS call timeout in seconds .

integer

Minimum value: 1 Maximum value: 180

30

websocket-override

Enable/disable override behavior for how this FortiGate unit connects to EMS using a WebSocket connection.

option

-

disable

 

Option

Description

disable

Do not override the WebSocket connection. Connect to WebSocket of this EMS server if it is capable (default).

enable

Override the WebSocket connection. Do not connect to WebSocket even if EMS is capable of a WebSocket connection.

preserve-ssl-session

Enable/disable preservation of EMS SSL session connection. WARNING: Most users should not touch this setting!

option

-

disable

 

Option

Description

enable

Allow preservation of EMS SSL session connection.

disable

Don't allow preservation of EMS SSL session connection.