Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiManager 7.0.8 Administration Guide
    7.0.8
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    Creating FortiClient EMS connector

    Creating FortiClient EMS connector

    You can configure a FortiClient EMS connector on FortiManager to retrieve or generate EMS tag addresses from a FortiClient EMS server. When an EMS connector is configured, FortiManager automatically registers the FortiGate on FortiClient EMS, allowing FortiGate to retrieve dynamic object details from FortiClient EMS.

    Once the FortiClient EMS connector has been created, you can configure a ZTNA server and use the ZTNA tags in policies. See Zero Trust Network Access (ZTNA) objects and Configuring a ZTNA server.

    Tooltip

    In order for the FortiClient connector to import dynamic object details from FortiClient EMS, FortiClient EMS and FortiOS must be on version 7.0.3 or later.
    To create a FortiClient EMS connector:
    1. Go to Fabric View > Fabric > Connectors.
    2. Click Create New, and select FortiClient EMS under Endpoint/Identity.
      Note

      FortiClient EMS connectors can also be configured from Policy & Objects > Object Configurations > Fabric Connectors > Endpoint/Identity.

    3. Fill in the EMS server details, and click OK.
      NameEnter a name for the FortiClient EMS connector.
      TypeSelect FortiClient EMS or FortiClient EMS Cloud as the connector type, depending on your EMS server.
      IP/Domain name

      Enter the IP or domain name for the FortiClient EMS.

      This field is only visible when the Type is FortiClient EMS.

      HTTPS port

      Enter the HTTPS port for the FortiClient EMS.

      This field is only visible when the Type is FortiClient EMS.

      User NameEnter the administrator user name.

      Password

      Enter the administrator password.

      EMS Threat Feed

      Toggle ON to allow FortiManager to pull FortiClient malware hash from FortiClient EMS.

      Synchronize firewall addresses

      Toggle ON to automatically create and synchronize firewall addresses for all EMS tags.

    4. Configure the ZTNA policy and object settings. See Zero Trust Network Access (ZTNA) rules.
    5. Once the policy is configured under ZTNA Rules, you can install the policy using the Device Manger's Install Wizard. FortiManager installs the ZTNA Rules to the FortiGate along with the EMS server configuration which includes the Fingerprint from EMS Server. This eliminates the need for manual authorization, and FortiGate is able to retrieve dynamic object details from EMS for use.
    To manually import and view tags from FortiClient EMS:
    1. Go to Fabric View > Fabric > Connectors, and edit the configured FortiClient EMS connector.
    2. Click Apply & Refresh.
      Any changes on the EMS server are dynamically populated on the FortiManager.
    3. Go to Policy & Objects > Object Configurations > Firewall Objects > ZTNA Tags.
      You can see imported IP and MAC tags available on the page. See Viewing ZTNA tags.
    To confirm that FortiGate is authorized on the EMS Server:
    1. Log in on the FortiGate.
    2. Navigate to Security Fabric > Fabric Connectors > FortiClient EMS.
    3. Confirm the server details installed on the FortiGate are correct and that the status displays as Connected.
      To check the policy that is installed on the FortiGate, navigate to Policy & Objects > ZTNA Rules.
    4. You can also confirm that FortiGate is authorized on the FortiClient EMS server by going to Administration > Fabric Devices on FortiClient EMS.
      The FortiGate should be present in the list to interact with the EMS server.
    Previous
    Next

    Creating FortiClient EMS connector

    Creating FortiClient EMS connector

    You can configure a FortiClient EMS connector on FortiManager to retrieve or generate EMS tag addresses from a FortiClient EMS server. When an EMS connector is configured, FortiManager automatically registers the FortiGate on FortiClient EMS, allowing FortiGate to retrieve dynamic object details from FortiClient EMS.

    Once the FortiClient EMS connector has been created, you can configure a ZTNA server and use the ZTNA tags in policies. See Zero Trust Network Access (ZTNA) objects and Configuring a ZTNA server.

    Tooltip

    In order for the FortiClient connector to import dynamic object details from FortiClient EMS, FortiClient EMS and FortiOS must be on version 7.0.3 or later.
    To create a FortiClient EMS connector:
    1. Go to Fabric View > Fabric > Connectors.
    2. Click Create New, and select FortiClient EMS under Endpoint/Identity.
      Note

      FortiClient EMS connectors can also be configured from Policy & Objects > Object Configurations > Fabric Connectors > Endpoint/Identity.

    3. Fill in the EMS server details, and click OK.
      NameEnter a name for the FortiClient EMS connector.
      TypeSelect FortiClient EMS or FortiClient EMS Cloud as the connector type, depending on your EMS server.
      IP/Domain name

      Enter the IP or domain name for the FortiClient EMS.

      This field is only visible when the Type is FortiClient EMS.

      HTTPS port

      Enter the HTTPS port for the FortiClient EMS.

      This field is only visible when the Type is FortiClient EMS.

      User NameEnter the administrator user name.

      Password

      Enter the administrator password.

      EMS Threat Feed

      Toggle ON to allow FortiManager to pull FortiClient malware hash from FortiClient EMS.

      Synchronize firewall addresses

      Toggle ON to automatically create and synchronize firewall addresses for all EMS tags.

    4. Configure the ZTNA policy and object settings. See Zero Trust Network Access (ZTNA) rules.
    5. Once the policy is configured under ZTNA Rules, you can install the policy using the Device Manger's Install Wizard. FortiManager installs the ZTNA Rules to the FortiGate along with the EMS server configuration which includes the Fingerprint from EMS Server. This eliminates the need for manual authorization, and FortiGate is able to retrieve dynamic object details from EMS for use.
    To manually import and view tags from FortiClient EMS:
    1. Go to Fabric View > Fabric > Connectors, and edit the configured FortiClient EMS connector.
    2. Click Apply & Refresh.
      Any changes on the EMS server are dynamically populated on the FortiManager.
    3. Go to Policy & Objects > Object Configurations > Firewall Objects > ZTNA Tags.
      You can see imported IP and MAC tags available on the page. See Viewing ZTNA tags.
    To confirm that FortiGate is authorized on the EMS Server:
    1. Log in on the FortiGate.
    2. Navigate to Security Fabric > Fabric Connectors > FortiClient EMS.
    3. Confirm the server details installed on the FortiGate are correct and that the status displays as Connected.
      To check the policy that is installed on the FortiGate, navigate to Policy & Objects > ZTNA Rules.
    4. You can also confirm that FortiGate is authorized on the FortiClient EMS server by going to Administration > Fabric Devices on FortiClient EMS.
      The FortiGate should be present in the list to interact with the EMS server.
    Previous
    Next