| Description | This article describes the reasons for logs that may keep piling up every time someone connects to the FortiClient. |
| Scope | FortiGate v7.4.5. |
| Solution |
Users may see a large volume of 'FortiClient registered' events from random users under System -> Endpoint events.
These events are seen even when there is no EMS server.
The events look like the following.
date=2025-04-29 time=10:49:31 eventtime=1745938170887350479 tz="-0400" logid="0107045101" type="event" subtype="endpoint" level="notice" vd="root" logdesc="FortiClient registered" srcip=x.x.x.x srcport=62404 duration=32
Also, in the vulnerability scan reports, the report might fail due to ports being open at 8013 and providing a self-signed certificate.
If the above scenario matches, and if the EMS is not being used. Turn the fabric off on the outside-facing interface, if it is not being utilized, as shown below
Go to System -> Interface -> Edit the WAN interface.
In the CLI, the syntax is as follows:
config system interface
After this, the events should be stopped. The issue is resolved in v7.6.1. |
