Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Sambhu
New Contributor II

FortiClient EMS off-net with EMS not reachable

I have this setup, where EMS is not published and the off-net profile is restricting malicious and security risk contents. Will FortiClient be able to do restrictions with the configured EMS profile if the EMS is not reachable? This also refers to when the VPN is not connected.

 

FortiClient  #ForticlientEMS


peisenberg
Staff

Yes, FCT will work as per the last received config from EMS. Please note there is no option to sync config changes if FCT is not connected to EMS.

Does this help?
Thanks
Pavol

TAC
Sambhu
New Contributor II

So no need of having EMS published?

KB says as follows:

Endpoints must connect FortiClient Telemetry to EMS and FortiGate for FortiClient to use an on-net, off-net, or offline status.

When FortiClient connects Telemetry to EMS, FortiClient determines whether the endpoint has an on-net or off-net status.

peisenberg

That is correct. To determine status you need to be connected to EMS; however, FCT features will remain working. So if you have different profiles for off-net and for on-net, only the last received will be applied, as there is no option to determine a new status in your case...

Pavol

 

TAC
vincunso

Hello,

My FortiClient has the status: unreachable. I deactivated disconnecting (not even with password). Since FortiClient can't communicate with EMS (I even unregistered the endpoint device and it keeps blocking), I can't change any settings because it won't "sync" the config with FortiClient, and I have no possibility to disconnect. Is there like an expire day, where it just auto-disconnects because it didn't reach EMS for a specific time, or is there any way to fix this?

 
