EMS - Endpoint Control Settings - Onnet Subnets

Jim_FH · ‎01-19-2017

Has anyone use the EMS option for "onnet subnets" in the Endpoint profiles?

I get the overall concept, but I'm wondering what practical application it has. Has anyone used this for anything useful, and if so, what?

thanks!

Jim

neonbit · ‎01-19-2017

I guess a scenario could be if you had three sites, each with their own subnets:

New York: 10.111.1.0/24

San Francisco: 10.111.2.0/24

Chicago: 10.111.3.0/24

You want the FortiClient Web-filtering to be disabled when on these networks as they're your own companies (and have FortiGates with webfiltering).

In the same vein, maybe you have VPN auto-connect configured so that your clients automatically connect to the corporate VPN when they login to the computer, but you don't want this VPN connection to occur when at one of your offices (ie: only auto-connect when off-net).

Jim_FH · ‎01-20-2017

Interesting, thanks!

I was wondering if future features may include not registering to EMS when "on net" as I want to (for now) manage only the clients that connect via remote access VPN.

For now, i'm blocking port 8013 on the EMS servers from subnets that are NOT VPN clients.

EMS - Endpoint Control Settings - Onnet Subnets

Nominate a Forum Post for Knowledge Article Creation