FortiClient
smaruvala
Staff
Article Id 367927
Description This article explains the 'FortiClient telemetry connection key' setting in FortiClient EMS, which can be used to restrict users from connecting to the EMS server from FortiClient.
Scope FortiClient EMS.
Solution
  • FortiClient can register to the FortiClient EMS server using the server address or an invitation code. If the FortiClient EMS server is Internet-facing, any user can try to register to it from FortiClient. To prevent this, invitation-based registration can be used with options such as 'Enforce User Verification' or 'Enforce invitation-only registration for'.
  • FortiClient EMS also has another option to restrict registration from FortiClient: the 'FortiClient telemetry connection key'.
  • To configure this, go to System Settings -> EMS Settings -> FortiClient telemetry connection key and add the FortiClient telemetry connection key for FortiClient EMS.
  • When a user tries to register from FortiClient to the FortiClient EMS server using the IP or domain, the user will be prompted to enter the connection key for successful registration.
  • If the user has installed FortiClient from an EMS-generated version, the telemetry key is embedded in it. FortiClient will not prompt for the key while registering.
  • If the user has installed FortiClient by downloading the file from Fortinet Support, FortiClient will prompt the user to enter the telemetry connection key.
  • If the user disconnects FortiClient from FortiClient EMS and then tries to connect back, FortiClient will not prompt the user to enter the key. However, the user will be prompted to enter the key if the host has been deleted from the FortiClient EMS 'All Endpoints' list.
  • FortiClient prompts for the telemetry connection key when a fresh connection is initiated from FortiClient. If an administrator has configured the telemetry connection key in FortiClient EMS, only endpoints that are not in 'All Endpoints' will be prompted to enter the key. For other endpoints to authenticate with the key, they must be deleted from the 'All Endpoints' section of FortiClient EMS.