In FortiManager, once a FortiClient EMS fabric connector is defined within an ADOM, it is automatically pushed to all FortiGate devices managed under that ADOM.

To prevent the EMS connector from being applied to FortiGate devices where it is not required, a custom CLI template can be used. This template will override the EMS connector configuration, effectively disabling it on specific FortiGates.

Workaround Steps:

1. Create a CLI Template:

   • Go to Device Manager -> Provisioning Templates -> CLI Templates.

   • Create a new CLI template with the necessary commands to remove or disable the EMS connector from the FortiGate configuration.
     
     

Example CLI commands:

• Assign this template to the FortiGate devices that should not have the EMS connector configured. 

• Go to Device Manager -> Provisioning Templates -> CLI Templates -> Assign to Device/Group.
  

• Ensure the CLI template is pushed to the relevant FortiGate devices.

3. Verification:

• Log in to the FortiGate CLI or GUI and confirm that the EMS connector configuration has been removed or disabled.

• Monitor ongoing configuration syncs from FortiManager to ensure that the CLI template continues to suppress the EMS connector settings.

While FortiManager currently does not provide a built-in option to limit EMS connector deployment to selected FortiGates within an ADOM, this can be effectively managed through the use of CLI templates. This method ensures that only the required devices maintain the EMS connector configuration, maintaining proper segmentation and reducing unnecessary configurations on non-participating FortiGates.