Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
cmoro
New Contributor

EMS - FortiClient telemetry connection key / how to store it in FCT xml profile

Hi,

 

I want to configure a FortiClient Telemetry connection key for FortiClient EMS. So FortiClient must provide this key during the initial connection. Is there any way how to store the key in the FortiClient XML Profile without entering it manually by a user?

I cannot image distributing the key for thousands of users during a rollout phase.

 

Thank you for any hint.

 

Regards

Jozef

8 REPLIES 8
SteveG
Contributor III

We do this by using a 'Gateway List'. I have no idea if this is how you're supposed to do it or a workaround I stumbled on ;)

 

We set the "IP Addresses/Hostnames" to that of the public EMS DNS name, tick the "Use Connection Key", entry the connection key and set "Managed by EMS" again to the public EMS DNS name with :8013 on the end.

Assigning both a profile and Gateway List to an Endpoint Group means users never have to entry the Telemetry key, unless they install a vanilla Forti Client.

FlavioB1
New Contributor III

Hi all.

Is the "Gateway List" still the way to go with FortiClient EMS 7.0.6? I can't seem to find that parameter... :\

btan

Hi FlavioB1,

 

I suppose "Configure EMS server list" under EMS setting may be the one you looking for.

Regards,
Bon
FlavioB1
New Contributor III

Ah - thanks, didn't see it there.

Will this automagically take the connection key as well, when I create the deployment package?

btan

Yes, the connection key will be included in newly created installer.

When you have set the telemetry connection key, kindly wait for few hours before creating the installer.

Regards,
Bon
FlavioB1
New Contributor III

Thanks for the feedback - why would I need to wait a few hours?

btan

There were cases installer not being packaged with telemetry key if they are created immediately.

Better to allow some time for EMS to do the background processes.

Regards,
Bon
FlavioB1
New Contributor III

Well - the packages have been created immediately, so I don't think waiting some hours will change anything. In fact, I just checked again and the timestamp on the generated files is the same as it was when they were created yesterday.

Labels
Top Kudoed Authors