FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
mdecesare
Staff
Staff
Description
This article describes how to enable Forticlient EMS with multitenancy.

Scope
For version 6.4.2.

Solution
With EMS multitenancy, it is possible to create multiple sites to provide granular access to different sites for different administrators and separate endpoint data and configuration into different sites.
The site are completely separate from each other and cannot share data between them.
For example, if an administrator only has access to Site A, the data is not possible from any other site. 
To enable this option, go on EMS setting and enable 'Manage Multiple Customer Sites'.


In order to configure EMS multitenancy, it is necessary to use a third level FQDN like in this example below (Global panel) and make sure the option 'use FQDN' is enabled. (eg: ems.somedomain.it).
To point the FortiGate to the 'Default' site, use the following name default.ems.somedomain.it.
The name of the site needed to access from the FortiGate and created on the EMS must reflect the FQDN on the DNS.





To work with multitenancy enabled:

1) FQDN needs to be used instead of IP Address.
2) site.fqdn format needs to be used in the FortiGate configuration in order to integrate FortiGate to specific Multitenant site on EMS (for example site1.ems.example.com) or default.ems.example.com to access default site.


Contributors