Configuring FortiClient EMS and FortiClient EMS Cloud on a per-VDOM basis

Note

This information is also available in the FortiOS 7.4 Administration Guide:

FortiClient EMS and FortiClient EMS Cloud can be added on a per-VDOM basis. Enabling override is necessary to add an EMS server for each VDOM.

config endpoint-control settings
    set override {enable | disable}
end

If override is enabled for a VDOM, the global configuration will not affect the VDOM. Override must be configured for each VDOM that connects to an EMS server.

Note

This feature requires FortiClient EMS 7.2.1 and later.

With this override configuration, the FortiGate can connect to multiple on-premise FortiClient EMS instances per VDOM. However, with this same configuration, only one FortiClient EMS Cloud instance can be connected per FortiGate.

Each VDOM supports up to seven EMS servers, plus an additional seven in the global configuration. With override enabled on all ten VDOMs, a 10-VDOM contract would have up to 77 EMS servers. If override is enabled on only one VDOM, a 10-VDOM contract would have up to 14 EMS servers.

This functionality can be applied to MSSP (managed security service provider) configurations, and each VDOM has its own FortiClient EMS card for the EMS server or instance. For example:

  • Separate on-premise FortiClient EMS instances

  • Single FortiClient EMS multi-tenant instance based on FQDN type

  • Separate FortiClient EMS Cloud instances

To configure a FortiClient EMS server per VDOM in the GUI:
  1. Enable override in the FortiOS CLI on the required VDOMs:

    config endpoint-control settings
        set override enable
    end

  2. Navigate to the desired VDOM, then go to Security Fabric > Fabric Connectors and double-click the FortiClient EMS card.

  3. Configure the EMS server settings as needed (see Configuring FortiClient EMS in the FortiOS Administration Guide for detailed steps).

To configure a FortiClient EMS server per VDOM in the CLI:
  1. Enable override on the required VDOMs:

    config endpoint-control settings
        set override enable
    end

  2. Configure the EMS server on the desired VDOM:

    (root) config endpoint-control fctems-override
        edit 1
            set status enable
            set name "ems140_root"
            set server "172.16.200.140"
            set serial-number "FCTEMS8821******"
            set tenant-id "00000000000000000000000000000000"
            set capabilities fabric-auth silent-approval websocket websocket-malware push-ca-certs common-tags-api tenant-id single-vdom-connector
        next
        edit 2
            set name "ems133_root"
            set server "172.16.200.133"
        next
    end
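
The following audit script is an added example, not part of the original page and not Fortinet code. It checks a multi-VDOM configuration excerpt for the two conditions described above: fctems-override entries in a VDOM where override is not enabled, and more than seven EMS entries in one VDOM. The function name, the simplified backup layout, the tenantA VDOM and the 192.0.2.10 address are assumptions made for illustration.

```python
MAX_EMS_PER_VDOM = 7  # per-VDOM limit stated on this page
EMS = ("config", "endpoint-control fctems-override")
SETTINGS = ("config", "endpoint-control settings")

def audit_ems_override(config_text):
    """Return {vdom: [findings]} for a multi-VDOM configuration excerpt."""
    stack, vdoms = [], {}
    for raw in config_text.splitlines():
        tok = [t.strip('"') for t in raw.split()] or ["#"]
        in_vdom = stack[:1] == [("config", "vdom")] and len(stack) == 3
        if tok[0] == "config":
            stack.append(("config", " ".join(tok[1:])))
        elif tok[0] == "edit":
            if stack == [("config", "vdom")]:
                vdoms.setdefault(tok[1], {"override": False, "servers": 0})
            elif in_vdom and stack[2] == EMS:
                vdoms[stack[1][1]]["servers"] += 1
            stack.append(("edit", tok[1]))
        elif tok[0] == "next" and stack:
            stack.pop()
        elif tok[0] == "end":
            while stack and stack.pop()[0] != "config":
                pass  # "end" also closes an edit left open above it
        elif tok[:2] == ["set", "override"] and in_vdom and stack[2] == SETTINGS:
            vdoms[stack[1][1]]["override"] = tok[2:] == ["enable"]
    findings = {}
    for name, v in vdoms.items():
        findings[name] = out = []
        if v["servers"] and not v["override"]:
            out.append("EMS entries defined but override is not enabled")
        if v["servers"] > MAX_EMS_PER_VDOM:
            out.append(f"{v['servers']} EMS entries exceed the limit of {MAX_EMS_PER_VDOM}")
    return findings

# Constructed sample, one configuration line per element (tenantA is a made-up VDOM).
SAMPLE = "\n".join([
    "config vdom", "edit root",
    "config endpoint-control settings", "set override enable", "end",
    "config endpoint-control fctems-override",
    "edit 1", 'set server "172.16.200.140"', "next",
    "edit 2", 'set server "172.16.200.133"', "next", "end",
    "next", "edit tenantA",
    "config endpoint-control fctems-override",
    "edit 1", 'set server "192.0.2.10"', "next", "end",
    "next", "end",
])

if __name__ == "__main__":
    print(audit_ems_override(SAMPLE))
```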
