FortiEMS not receiving vulnerabilities from clients
We've had EMS for about a year and for the most part working great. Profiles push out to clients, all that stuff.
Today it decided that it was not going to do vulnerabilities anymore! We suddenly have 0 vulns for all our clients, earlier today that number was a good bit higher.
We're on FortiEMS 6.2.6 with FortiClient 6.2.6.
When you tell it to scan a host for vulnerabilities, it does. The host has a pop-up saying it is doing the scan, it does the scan, comes back in this case with one critical vulnerability. The EMS sees that the scan has completed, has all the host information, but does not have the known vulnerability.
Yesterday and this morning, we were having it remediate some Firefox and Java vulnerabilities. For the most part it was doing just fine with that, and remediated hosts were reflecting the patched issues. Then I went and logged back in and 0 vulnerabilities!!!
We have restarted the services, and the server, and everything is working find otherwise.
I'm at a loss as to where to begin - logs show nothing abnormal...it just ignores vulnerabilities (so it's a CEO that doesn't want the password policy to apply to them :) )
Ensure that the FortiClient installations on the client machines are correctly configured to report vulnerabilities to FortiEMS. Make sure there are no firewall rules blocking the communication between FortiClient and FortiEMS for vulnerability reporting. You mentioned that logs show nothing abnormal. However, you might want to increase the log level for more detailed information. Check both FortiEMS and FortiClient logs. Try initiating a manual vulnerability scan from FortiEMS and see if the vulnerabilities show up.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.