Sambhu
Explorer III
June 28, 2022
Solved

FortiClient EMS off-net with EMS not reachable

  • June 28, 2022
  • 1 reply
  • 5989 views

I have this setup, where EMS is not published and the off-net profile is restricting malicious and security risk contents. Will FortiClient be able to do restrictions with the configured EMS profile if the EMS is not reachable? This also refers to when the VPN is not connected.

 

FortiClient  #ForticlientEMS

Best answer by peisenberg

That is correct. To determine status you need to be connected to EMS; however, FCT features will remain working. So if you have different profiles for off-net and for on-net, only the last received will be applied, as there is no option to determine new status in your case...

Pavol 

 

1 reply

peisenberg
Staff
June 28, 2022

Yes, FCT will work as per the last received config from EMS. Please note there is no option to sync config changes if FCT is not connected to EMS.

Does this help?
Thanks
Pavol 

Sambhu
Author
Explorer III
June 28, 2022

So no need of having EMS published?

KB says as follows:

Endpoints must connect FortiClient Telemetry to EMS and FortiGate for FortiClient to use an on-net, off-net, or offline status.

When FortiClient connects Telemetry to EMS, FortiClient determines whether the endpoint has an on-net or off-net status.

peisenberg
Staff
June 28, 2022

That is correct. To determine status you need to be connected to EMS; however, FCT features will remain working. So if you have different profiles for off-net and for on-net, only the last received will be applied, as there is no option to determine new status in your case...

Pavol