Skip to main content
Flamby
Flamby
New Member
February 26, 2026
Question

Forticlient EMS OOB

  • February 26, 2026
  • 1 reply
  • 250 views

Hi everyone,

is there a way to use a separate interface for management purpose different from the service interface used by endpoints for telemetry ? I'm using the Forticlient EMS VM version.

 

Thank you in advance

1 reply

AEK
SuperUser
AEK
SuperUser
February 26, 2026

Hi Flamby

Didn't test it but should be possible. I guess your EMS is 7.4.x, then try the following:

  • Start by adding a network interface to the VM
  • Connect to EMS CLI (ssh or VM console)
  • sudo emscli system get info   -> Find the new interface name in the output
  • emscli system set network ip --adapter=ens# --ip=x.x.x.x/xx

You also need to manage the routing. I think you should keep the default route on the primary interface, and in that case you probably need to enable NAT on your firewall when accessing to the management interface.

And finally bear in mind it is usually discouraged to give one host two interfaces in different segments, for security reasons and for better design as well.

AEK
Flamby
FlambyAuthor
New Member
March 3, 2026

Hi AEK, 

Thank you for you reply,

I had that scenario in mind, but I thought there is a better option than this. Otherwise, is it recommended to use a single interface for service and management purposes as well ? I'm used to other solutions where OOB interface is always there to prevent any admin access to the server itself.

 

Regards 

AEK
SuperUser
AEK
SuperUser
March 3, 2026

Hi Flamby

I think the firewall is the solution here, as it will allow management traffic only from a specific internal network.

But I think what your telling is very relevant as well. Curious to know what other members think about it, and what "security standards" recommend for such case.

AEK
Terms & ConditionsAccessibility statement