Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Forti EMS | Deployment for different namespaces

Hi guys.


We have a client with centrally managed Forti EMS server at their Head Office which is on namespace1.local domain.

They have 5 other branches, each on its own domain.

I have connected all FortiGate firewalls via IPsec tunnels.


If someone could please assist me with these questions - Much appreciated!


1. Since EMS deploys clients by hostname only, would I have to create new zones on the internal DNS, or must there be a trust relationship established between different domain controllers? Is there any other way to do this?

2. Is there anything that needs to be done on the branch firewall with regards to adding the EMS server pointing to the local IP? Can branch firewall communicate to it on a local IP (or must be published on a WAN port)

3. All firewalls are on 6.0.2 (3). I can ping hosts across on IP address.


Thanks again!

Contributor III

Oh this is an interesting question we will likely be doing something similar.


1, I would expect if you add other AD Domains they appear as separate entities under Endpoints/Domains. I'd also expect EMS to take care of the DNS given it's tied to the domain name....

2, NOt sure what you're asking here. We have a licensed EMS server and our FortiGates have no involvement in the EMS/FortiClient relationship/connectivity.

3, Good start.