Dear all,
I'm following the guide in order to setup for the first time the FortiClient EMS with my existing architecture ( FortiGate + FortiAuth).
In the docs (https://docs.fortinet.com/document/fortigate/7.2.5/ztna-deployment/374384/connect-the-fortigate-to-e...) is telling that:
1- I need to generate a cert. By i do have already EMS Server Certificates (FortiCare). Do i need to generate again using a third party such as godaddy since i do not have an CA ? Or this are the defaults one ?
2- How i can publish in the DMZ the FortiEMS ?
Thank You in advance
#FortiClientEMS
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
It seems there is no such feature on the GUI.
So either do it via CLI or upload certificate + private key.
Hello
Don't worry about the certificate, connect them as is and they will use Fortinet embedded certificate and it will work fine.
Regarding how to publish EMS, you need to create 2 VIP object, one for HTTPS 10443, and one for telemetry 8013, then create 2 firewall rules to authorize the related traffic from outside for the mentioned ports.
In case you are not used to create VIPs, here is how to proceed:
So, i would not need to import the root CA of FortiEMS to FortiGate ? What about user endpoints ? Do i need some kind of cert for them also ? Thank You
You need to upload a certificate signed by your certificate authority (trusted by your clients) to EMS, and set it as certificate for the web server and endpoint control (EMS Settings).
Can i use a certificate from a Third party such as: GoDaddy etc ? If yes, what type of cert should i use ?
Yes you can use a public certificate.
It can be DV single domain name or wildcard.
I noticed that there is no GUI on the EMS to generate the csr like FortiGate. Is there a documentation how to do it ?
It seems there is no such feature on the GUI.
So either do it via CLI or upload certificate + private key.
Done via CLI
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1640 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.