FortiClient EMS: prevent unknown devices from connecting?
Hello everyone,
I am new to FortiClient EMS and currently in a roll-out state.
How do I prevent unwanted computers from connecting to the EMS? (EMS on-prem, running in a DMZ and publicly available to the internet)
In theory someone can install FortiClient and connect to our EMS.
I do install FortiClient for our users because they do not have admin privileges - so I did not enable user verification.
Is there any other way to prevent unwanted devices from connecting to EMS?
Hi miciti,
Yes correct, an invitation code.
Yes, you can use the 'switch by invitation' method.
Be careful when enabling 'enforce invitation-only registration'. If this option is enabled, any endpoints that are currently joined to EMS using IP/FQDN will all be disconnected.
Bon
I was able to successfully change my clients with the "switch by invitation" method. I do have one invitation now that gets entered when a new device joins our company. Seems like the invitation stays valid (user verification is disabled on the invitation).
I'm still wondering if it's really so that FortiClient can't be installed in a user-friendly way, where the user doesn't have to do anything other than log in to register to EMS cloud. It's just hard to believe :)
There is an option to set a 'telemetry-key' (something like a password) when joining EMS; only those who have the 'telemetry-key' can join EMS.
Refer: https://docs.fortinet.com/document/forticlient/7.2.5/ems-administration-guide/319002/configuring-ems...
*look for 'FortiClient telemetry connection key'
Bon
Hello everyone, I'm also trying to solve this by limiting enrollment to the EMS to invited users only. Reading the manual, I cannot really follow the logic since it keeps redirecting me from one link to the other. So far I have done this:
1- I have added my domain
2- In User Management I have authorized only the groups I want (each user who can connect to VPN must be a member of an AD group. This is due to Forti Auth)
3- In the menu Endpoints > Invitation I have created an individual invitation (just for test purposes). For the verification type I have selected Domain, and it asks me to select the single user.
Is this enough? I get my email invitation, but I have tried to enter my LDAP credentials and it won't authenticate. I have tried: my username; my domain/my username; my email address, but it still won't authenticate.