FortiClient
slautenschlager
Article Id 197068

Description

 

This article describes how to connect to a FortiClient EMS over an IPsec VPN tunnel.

 

Scope

 

FortiClient EMS.

Solution

 

This procedure assumes that the site-to-site IPsec VPN tunnel is already up and passing traffic.

 

  1. Add the FortiClient EMS.
    Go to Security Fabric -> Fabric Connectors and select 'Create New'.

  2. Select FortiClientEMS.
    Fill out the Name, the IP/Domain name, and the HTTPS port.

  3. Select 'OK'.
    Even though the server is added, its status does not show as connected.

  4. Open the CLI and modify the 'source-ip' configuration for FortiClientEMS:

    config endpoint-control fctems
        edit <EMS_name>
            set source-ip X.X.X.X
        next
    end

    Note:
    'source-ip' is the FortiGate interface IP whose subnet is added to the IPsec tunnel phase-2 local subnet settings.

    In VDOM mode, the source IP setting for the EMS connector must be configured in global mode. The entry to edit is the EMS ID (1 - 7), that is, the EMS connector number 1, 2, and so on:

    config global
        config endpoint-control fctems
            edit <EMS_ID>
                set source-ip X.X.X.X
            next
        end
    end

  5. The Fabric Connector for the FortiClient EMS should now be green and up.
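
One way to work out which FortiGate interface address satisfies the 'source-ip' note above, as an added example that is not part of the original article or Fortinet's code. The interface names, addresses and phase-2 selectors are constructed sample values, and the extra check that the EMS address falls inside the matching phase-2 remote subnet is an assumption added here.

```python
import ipaddress

def usable_source_ips(interfaces, phase2_selectors, ems_ip):
    """Return [(interface_name, ip)] that qualify as 'source-ip' for the EMS connector.

    interfaces:        {name: "ip/prefix"} of FortiGate interface addresses
    phase2_selectors:  [(local_subnet, remote_subnet)] from the IPsec phase-2 settings
    ems_ip:            address of the FortiClient EMS behind the tunnel
    """
    ems = ipaddress.ip_address(ems_ip)
    usable = []
    for name, cidr in interfaces.items():
        iface = ipaddress.ip_interface(cidr)
        for local, remote in phase2_selectors:
            local_net = ipaddress.ip_network(local)
            remote_net = ipaddress.ip_network(remote)
            # The interface IP must sit in a phase-2 local subnet (the article's
            # note). Assumption: the EMS must also sit in that selector's remote
            # subnet, otherwise the connector traffic would not match the selector.
            if iface.ip in local_net and ems in remote_net:
                usable.append((name, str(iface.ip)))
                break
    return usable

# Constructed sample data (documentation/private ranges, not from the article).
SAMPLE_INTERFACES = {
    "wan1": "203.0.113.2/30",      # tunnel's outgoing interface, not in any selector
    "internal": "10.10.1.1/24",    # subnet listed as phase-2 local subnet
    "dmz": "172.16.5.1/24",        # not listed in phase-2
}
SAMPLE_SELECTORS = [("10.10.1.0/24", "10.20.0.0/16")]
SAMPLE_EMS = "10.20.5.10"

if __name__ == "__main__":
    matches = usable_source_ips(SAMPLE_INTERFACES, SAMPLE_SELECTORS, SAMPLE_EMS)
    if not matches:
        print("No interface IP matches a phase-2 local subnet for this EMS.")
    for name, ip in matches:
        print(f"{name}: set source-ip {ip}")
```
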