Forti EMS | Deployment for different namespaces

Forum|Forum|7 years ago
December 20, 2018
1 reply
2444 views

Hi guys.

We have a client with centrally managed Forti EMS server at their Head Office which is on namespace1.local domain.

They have 5 other branches, each on its own domain.

I have connected all FortiGate firewalls via IPsec tunnels.

If someone could please assist me with these questions - Much appreciated!

1. Since EMS deploys clients by hostname only, would I have to create new zones on the internal DNS, or must there be a trust relationship established between different domain controllers? Is there any other way to do this?

2. Is there anything that needs to be done on the branch firewall with regards to adding the EMS server pointing to the local IP? Can branch firewall communicate to it on a local IP (or must be published on a WAN port)

3. All firewalls are on 6.0.2 (3). I can ping hosts across on IP address.

Thanks again!

SteveG

New Member

Oh this is an interesting question we will likely be doing something similar.

1, I would expect if you add other AD Domains they appear as separate entities under Endpoints/Domains. I'd also expect EMS to take care of the DNS given it's tied to the domain name....

2, NOt sure what you're asking here. We have a licensed EMS server and our FortiGates have no involvement in the EMS/FortiClient relationship/connectivity.

3, Good start.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded