Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Cajuntank
Contributor II

EMS or Fortigate for web filtering from FortiClient?

I am in the process of implementing and testing FortiClient which is being managed by EMS. The web filtering options in EMS are not a feature rich as the Fortigate. I do have another on-premise web filtering solution that I use to filter on and off network (via proxy) and investigating my options now with the FortiClient. My question is, can I provision my clients with EMS but somehow utilize the Fortigate for webfiltering (main focus is while off network) since it does have more web filter functionality?

4 REPLIES 4
Cajuntank
Contributor II

azh wrote:

Hello, 

 

You can use FortiGate for compliance check and enable there "Security Posture Check" to use FortiGate Security Profiles for FortiClient. You will centrally manage via FortiEMS and do other security things on FortiGate.

 

Here is example - http://cookbook.fortinet.com/enforcing-network-security-forticlient-profile-54/ 

 

 

But this is just for while on-net. What I am after is seeing if there is a way to get the Fortigate to be the web filter (since it has better web filter features) instead of the EMS while off-net. I know I can VPN in, thus putting me on-net, but I am looking to do this with over 3000 users. Having over 3000 users VPN is not really something I want to get into.

SteveRoadWarrior

In order for the Fortigate to filter EMS Client traffic, it needs to be in the traffic flow.

VPN is the normal way to accomplish this.

Which aspect of web filter do you prefer on the Fortigate?

Cajuntank

SteveRoadWarrior wrote:

In order for the Fortigate to filter EMS Client traffic, it needs to be in the traffic flow.

VPN is the normal way to accomplish this.

Which aspect of web filter do you prefer on the Fortigate?

The other biggies for me is the "Search Engine" section and to a smaller degree, the "Proxy Options" section. Since I am a K-12 school, being able to safe search search engines, restrict YouTube, and log all keyword searches is huge. We tie into Google, so restricting accounts to specific Google domain is something I am used to being able to do now with my current filter. I was kind of hoping that EMS had those features for macOS/Windows like they currently do for Chromebook or that I could use the FortiClient to proxy back to my Fortigate, thus replacing my current web-filter.

neonbit
Valued Contributor

Google Safe Search, Youtube Play and Google Search are all available from the application firewall feature of EMS/FortiClient.

 

Haven't tested it out to see if it would log the search words but worth trying out.

 

*edit* Just tested it out and the google safe search through the app control doesn't seem to work with Firefox or Chrome so scratch that idea.

Labels
Top Kudoed Authors