The FortiGate Security Fabric root device can link to FortiClient Endpoint Management System (EMS) and FortiClient EMS Cloud (a cloud-based EMS solution) for endpoint connectors and automation. Up to three EMS servers can be added on the global Security Fabric settings page, including one FortiClient EMS Cloud server. EMS settings are synchronized between all fabric members.
To enable cloud-based EMS services, FortiGate must be registered to FortiCloud with an appropriate user account.
If you disable FortiClient Endpoint Management System (EMS) on the Security Fabric > Settings page, all previously configured EMS server entries will be deleted.
To add a FortiClient EMS server to the Security Fabric in the CLI:
    config endpoint-control fctems
        edit <ems_name>
            set server <ip_address>
            set serial-number <string>
            set admin-username <string>
            set admin-password <string>
            set https-port <integer>
            set source-ip <ip_address>
        next
    end
https-port is the EMS HTTPS access port number, and source-ip is the REST API call source IP address.
To add a FortiClient EMS Cloud server to the Security Fabric in the CLI:
- Enable authentication of FortiClient EMS Cloud through a FortiCloud account:
    config endpoint-control fctems
        edit <name>
            set fortinetone-cloud-authentication enable
        next
    end
- Create a FortiClient EMS Cloud server connection:
    config user fsso
        edit "cloud_ems_fsso_connector"
            set type fortiems-cloud
            set password ******
            set source-ip <class_ip>
        next
    end
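The following Python example is added here and is not part of the Fortinet documentation: it parses the config endpoint-control fctems block from a saved configuration and checks the entries against the settings described above. The sample configuration, its addresses, and the rule that on-premise entries must set source-ip are assumptions made for illustration.

```python
MAX_EMS_SERVERS = 3  # "Up to three EMS servers", per the text above
def parse_fctems(config_text):
    """Return {entry: {setting: value}} from 'config endpoint-control fctems'."""
    entries, current, in_block = {}, None, False
    for line in map(str.strip, config_text.splitlines()):
        words = line.split(None, 2)
        if line == "config endpoint-control fctems":
            in_block = True
        elif not in_block or not words:
            continue
        elif words[0] == "end":
            break
        elif words[0] == "edit" and len(words) > 1:
            current = entries.setdefault(line[5:].strip().strip('"'), {})
        elif words[0] == "set" and len(words) == 3 and current is not None:
            current[words[1]] = words[2].strip('"')
    return entries

def audit_fctems(entries):
    """List findings; requiring source-ip is an assumed local policy."""
    findings = []
    if len(entries) > MAX_EMS_SERVERS:
        findings.append(f"{len(entries)} EMS entries exceed the limit of {MAX_EMS_SERVERS}")
    for name, s in entries.items():
        port = s.get("https-port")
        if port is not None and not (port.isdigit() and 1 <= int(port) <= 65535):
            findings.append(f"{name}: https-port {port!r} is not a valid TCP port")
        if s.get("fortinetone-cloud-authentication") == "enable":
            continue  # EMS Cloud entry: no server address is set in this block
        for key in ("server", "source-ip"):
            if key not in s:
                findings.append(f"{name}: on-premise entry does not set {key}")
    return findings
# Constructed sample (documentation-range addresses, not from a real device)
SAMPLE = """
config endpoint-control fctems
    edit "ems136"
        set server "192.0.2.136"
        set source-ip 192.0.2.1
    next
    edit "cloud_ems"
        set fortinetone-cloud-authentication enable
    next
    edit "ems_lab"
        set https-port 70000
    next
end
"""
print(*audit_fctems(parse_fctems(SAMPLE)), sep="\n")
```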
To add both a cloud-based and an on-premise FortiClient EMS server to the Security Fabric in the GUI:
- To enable endpoint control, on the root FortiGate, go to System > Feature Visibility and enable Endpoint Control.
- Go to Security Fabric > Settings.
- Enable FortiClient Endpoint Management System (EMS).
- Add an EMS server.
  - Set EMS Type to EMS Cloud.
  - Enter a name, such as cloud_ems.
- Add another EMS server.
  - Set EMS Type to EMS.
  - Enter a name, such as ems136.
  - Enter the server's IP address, admin user name, and admin password. Optionally, you can also change the HTTPS port.
- Click Apply.
FortiClient EMS fabric connectors are automatically created for the EMS servers.
To test connectivity with the EMS server:
- Go to Security Fabric > Settings and go to the FortiClient Endpoint Management System (EMS) section.
- In the Connection status field, click Test Connectivity.