Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Release Notes

    Home FortiProxy 7.6.0 Release Notes
    7.6.0
    7.6.0
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    2.0.14
    2.0.13
    2.0.12
    2.0.11
    2.0.10
    2.0.9
    2.0.8
    2.0.7
    2.0.6
    2.0.5
    2.0.4
    2.0.3
    2.0.2
    2.0.1
    2.0.0
    1.2.13
    1.2.12
    1.2.11
    1.2.10
    1.2.9
    1.2.8
    1.2.7
    1.2.6
    1.2.5
    1.2.4
    1.2.3
    1.2.2
    1.2.1
    1.2.0
    1.1.6
    1.1.5
    1.1.4
    1.1.3
    1.1.2
    1.1.1
    1.1.0
    1.0.7
    1.0.6
    1.0.5
    1.0.4
    1.0.3
    1.0.2
    1.0.1
    1.0.0

    Configuring FortiClient EMS and FortiClient EMS Cloud on a per-VDOM basis

    Configuring FortiClient EMS and FortiClient EMS Cloud on a per-VDOM basis

    This information is also available in the FortiProxy 7.6 Administration Guide:

    FortiClient EMS and FortiClient EMS Cloud can be added on a per-VDOM basis. Enabling override is necessary to add an EMS server for each VDOM. 

    config endpoint-control settings
    set override {enable | disable}
end

    If override is enabled for a VDOM, the global configuration will not affect the VDOM. Override must be configured for each VDOM that connects to an EMS server.

    This feature requires FortiClient EMS 7.2.1 and later.

    With this override configuration, the FortiProxy can connect to multiple on-premise FortiClient EMS instances per VDOM. However, with this same configuration, only one FortiClient EMS Cloud instance can be connected per FortiProxy.

    Each VDOM supports up to seven EMS servers, plus an additional seven in the global configuration. With override enabled on all ten VDOMs, a 10-VDOM contract would have up to 77 EMS servers. If override is enabled on only one VDOM, a 10-VDOM contract would have up to 14 EMS servers.

    This functionality can be applied to MSSP (managed security service provider) configurations, and each VDOM has its own FortiClient EMS card for the EMS server or instance. For example:

    • Separate on-premise FortiClient EMS instances

    • Single FortiClient EMS multi-tenant instance based on FQDN type

    • Separate FortiClient EMS Cloud instances

    To configure a FortiClient EMS server per VDOM in the GUI:

    1. Enable override in the FortiProxy CLI on the required VDOMs:

      config endpoint-control settings
    set override enable
end

    2. Navigate to the desired VDOM, then go to Security Fabric > Fabric Connectors and double-click the FortiClient EMS card.

    3. Configure the EMS server settings as needed (see Configuring FortiClient EMS in the FortiProxy Administration Guide for detailed steps).

    To configure a FortiClient EMS server per VDOM in the CLI:

    1. Enable override on the required VDOMs:

      config endpoint-control settings
    set override enable
end

    2. Configure the EMS server on the desired VDOM:

      (root) config endpoint-control fctems-override
    edit 1
        set status enable
        set name "emstest24"
        set server "10.120.1.24"
        set serial-number "FCTEMS**********"
        set tenant-id "00000000000000000000000000000000"
        set capabilities fabric-auth silent-approval websocket websocket-malware push-ca-certs common-tags-api tenant-id client-avatars single-vdom-connector
	 set verifying-ca "Fortinet_CA_Backup"
    next
end
    Previous
    Next

    Configuring FortiClient EMS and FortiClient EMS Cloud on a per-VDOM basis

    Configuring FortiClient EMS and FortiClient EMS Cloud on a per-VDOM basis

    This information is also available in the FortiProxy 7.6 Administration Guide:

    FortiClient EMS and FortiClient EMS Cloud can be added on a per-VDOM basis. Enabling override is necessary to add an EMS server for each VDOM. 

    config endpoint-control settings
    set override {enable | disable}
end

    If override is enabled for a VDOM, the global configuration will not affect the VDOM. Override must be configured for each VDOM that connects to an EMS server.

    This feature requires FortiClient EMS 7.2.1 and later.

    With this override configuration, the FortiProxy can connect to multiple on-premise FortiClient EMS instances per VDOM. However, with this same configuration, only one FortiClient EMS Cloud instance can be connected per FortiProxy.

    Each VDOM supports up to seven EMS servers, plus an additional seven in the global configuration. With override enabled on all ten VDOMs, a 10-VDOM contract would have up to 77 EMS servers. If override is enabled on only one VDOM, a 10-VDOM contract would have up to 14 EMS servers.

    This functionality can be applied to MSSP (managed security service provider) configurations, and each VDOM has its own FortiClient EMS card for the EMS server or instance. For example:

    • Separate on-premise FortiClient EMS instances

    • Single FortiClient EMS multi-tenant instance based on FQDN type

    • Separate FortiClient EMS Cloud instances

    To configure a FortiClient EMS server per VDOM in the GUI:

    1. Enable override in the FortiProxy CLI on the required VDOMs:

      config endpoint-control settings
    set override enable
end

    2. Navigate to the desired VDOM, then go to Security Fabric > Fabric Connectors and double-click the FortiClient EMS card.

    3. Configure the EMS server settings as needed (see Configuring FortiClient EMS in the FortiProxy Administration Guide for detailed steps).

    To configure a FortiClient EMS server per VDOM in the CLI:

    1. Enable override on the required VDOMs:

      config endpoint-control settings
    set override enable
end

    2. Configure the EMS server on the desired VDOM:

      (root) config endpoint-control fctems-override
    edit 1
        set status enable
        set name "emstest24"
        set server "10.120.1.24"
        set serial-number "FCTEMS**********"
        set tenant-id "00000000000000000000000000000000"
        set capabilities fabric-auth silent-approval websocket websocket-malware push-ca-certs common-tags-api tenant-id client-avatars single-vdom-connector
	 set verifying-ca "Fortinet_CA_Backup"
    next
end
    Previous
    Next