Connect FortiClient EMS to FortiGate
Dear all,
I'm following the guide in order to set up the FortiClient EMS for the first time with my existing architecture (FortiGate + FortiAuth).
The docs (https://docs.fortinet.com/document/fortigate/7.2.5/ztna-deployment/374384/connect-the-fortigate-to-e...) say that:
1- I need to generate a cert. But I already have EMS Server Certificates (FortiCare). Do I need to generate one again using a third party such as GoDaddy, since I do not have a CA? Or are these the default ones?
2- How can I publish the FortiEMS in the DMZ?
Thank You in advance
#FortiClientEMS
Hello
Don't worry about the certificate; connect them as is and they will use the Fortinet embedded certificate, and it will work fine.
Regarding how to publish EMS, you need to create 2 VIP objects, one for HTTPS 10443 and one for telemetry 8013, then create 2 firewall rules to authorize the related traffic from outside for the mentioned ports.
In case you are not used to creating VIPs, here is how to proceed:
So, I would not need to import the root CA of FortiEMS to FortiGate? What about user endpoints? Do I need some kind of cert for them also? Thank you
You need to upload a certificate signed by your certificate authority (trusted by your clients) to EMS, and set it as the certificate for the web server and endpoint control (EMS Settings).
Can I use a certificate from a third party such as GoDaddy, etc.? If yes, what type of cert should I use?
Yes, you can use a public certificate.
It can be a DV single domain name or wildcard.
I noticed that there is no GUI on the EMS to generate the CSR like on FortiGate. Is there documentation on how to do it?
It seems there is no such feature on the GUI.
So either do it via CLI or upload certificate + private key.
Done via CLI