Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Sambhu
New Contributor III

Created on ‎06-28-2022 01:30 AM

Forticlient EMS Off net with EMS not reachable

I have this setup, where EMS is not published and the off-net profile is restricting malicious and security risk contents. Will the Forticlient be able to do restrictions with the configured EMS Profile if the EMS is not reachable. This also refers when the VPN is not connected.

 

FortiClient   #ForticlientEMS

Labels:
4439
0 Kudos
1 Solution
peisenberg
Staff
Staff
In response to Sambhu

Created on ‎06-28-2022 06:59 AM

that is correct. To determine status you need to be connected  to EMS however FCT  features will remain working. So if you have different profile for offnet and for onnet only the last received will be applied as there is no option to determine new status in your case...

Pavol 

 

TAC

View solution in original post

4425
4 REPLIES 4
peisenberg
Staff
Staff

Created on ‎06-28-2022 06:36 AM

Yes, FCT will work as per last received config from EMS, please note there is no option to sync config changes if FCT is not connected to ems. 

does this help ? 
Thanks
Pavol 

TAC
4427
Sambhu
New Contributor III
In response to peisenberg

Created on ‎06-28-2022 06:42 AM

So no need of having EMS Published ?

KB Says as follows !

Endpoints must connect FortiClient Telemetry to EMS and FortiGate for FortiClient to use an on-net, off-net, or offline status.

When FortiClient connects Telemetry to EMS, FortiClient determines whether the endpoint has an on-net or off-net status.

4426
0 Kudos
peisenberg
Staff
Staff
In response to Sambhu

Created on ‎06-28-2022 06:59 AM

that is correct. To determine status you need to be connected  to EMS however FCT  features will remain working. So if you have different profile for offnet and for onnet only the last received will be applied as there is no option to determine new status in your case...

Pavol 

 

TAC
4426
vincunso
New Contributor
In response to peisenberg

Created on ‎11-28-2022 11:49 AM

Hello,

My Forticlient has the status: unreachable. I deactivated disconnecting (not even with password). Since Forticlient cant communicate with EMS (i even unregistered the endpoint device and it keeps blocking) i cant change any settings because it wont "sync " the config with Forticlient and have no  possibility to disconnect. Is there like a expire day, where it just auto disconnects because it didnt reach EMS for a specific time or is there any way to fix this ? 

 

3884
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.