Description

This article describes how to connect to a FortiClient EMS over an IPsec VPN tunnel.

Scope

FortiClient EMS.

Solution

Let’s assume that the site-to-site IPSEC VPN tunnel is up and the traffic can pass through just fine.

1. Adding the Forticlient EMS.
   Go to Security Fabric -> Fabric Connectors and select 'Create New'.
   
   

2. Select FortiClientEMS.
   Fill out the Name and IP/Domain name and the HTTPS port
   
   
3. Select 'OK'.
   Even though the server is added, it is not reflected as connected in the status.
   
   
4. Open the CLI and modify the 'source-ip' configuration for FortiClientEMS
   
   config endpoint-control fctems
       edit NAME of your EMS
           set source-ip X.X.X.X
       end
   
   Note.
   'source-ip' is FortiGate interface IP whose subnet is added in IPSEC tunnel phase-2 local subnet settings.
    
   While configuring the source IP setting for the EMS connector in the VDOM mode, we need to configure it in the global mode:
   
   config global
       config endpoint-control fctems
           edit xxxx    <----- EMS ID in order (1 - 7) EMS ID is basically the EMS connector 1,2.....
               set source-ip X.X.X.X
   end
   
   
5. The Fabric Connector for the Forticlient EMS should now be green and up.