JohnNorthWest
New Contributor

FortiClient EMS Server: New User asks for advice on initial set up of FortiClient EMS Integrated with

Hi Forum

 

I've been tasked by my company to investigate the deployment of FortiClient EMS (Enterprise Management Server).

 

I realise that FortiClient EMS does a lot of things, though initially it will be used by my company to manage the FortiClient licenses.


The company currently uses an SSL VPN connection directly onto a FortiGate and uses the free version of the FortiClient.


They want to migrate to use the full FortiClient licenses version and then gradually roll out the appropriate functionality.

 

I have found the QuickStart Guide here:
https://docs.fortinet.com/document/forticlient/7.0.2/ems-quickstart-guide/516451/introduction

 

I'm looking for a high-level overview of how the FortiClient EMS works but can't find a resource on the Fortinet site that gives me that!

 

I have found diagrams like the following showing the traffic flows between the FortiClient, FortiGate, FortiClient EMS and AD.
https://docs.fortinet.com/document/forticlient/6.0.3/ems-administration-guide/577272/forticlient-ems...

 

However, they don't answer a lot of the questions I have.

 

I wonder if the forum will be able to help by either explaining to me here or posting links that they know of.

 

To be more specific, these are my questions:

 

a) When a user is at home and logs on using the FortiClient, does the user connect to the EMS Server or the FortiGate firewall or both?

I'm asking this as I want to know whether an external firewall policy needs to be built on a firewall to allow external access to the EMS Server.
Also, I'm unsure as to whether the current configuration on the FortiGate for the SSL VPN would still be required after the EMS Server is set up.
My initial reading suggests that the FortiClient is creating connections to both the EMS Server and the FortiGate firewall.

 

b) Am I correct that one uses the Security Fabric on the FortiGate to connect the EMS Server and the FortiGate together?

 

c) What are the traffic flows when a FortiClient user connects to a "FortiClient EMS integrated with FortiGate" setup?

 

Any other advice that experienced users have that they think would be useful for a newbie EMS Server user would be much appreciated.

 

Many Thanks

 

John

1 Solution
Anonymous
Not applicable

Hello @JohnNorthWest ,

 

Thank you for posting on Fortinet Community Forums.

To answer some of your questions, you can use FortiClient EMS in standalone mode or integrated with FortiGate.

 

When FortiClient is on a client machine and it is managed by EMS, you should see the status as connected if it is successfully connected to the EMS which manages it.

 


 

If you are connecting using the VPN, then your FortiClient would be connecting to FortiGate to establish this VPN connection.

 

The following link has a video which explains the EMS connector used on FortiGate.

 

https://www.youtube.com/watch?v=teFF1WGoZmM

The configuration for SSL VPN on the FortiGate would be required for FortiClient (also managed by EMS) to have a VPN connection.

 

Let me know if this helps.

 

Thanks,


4 REPLIES
JohnNorthWest

Thanks Mohit. I'll use this resource. John

PortlandME

Good afternoon John,

Did you ever get a direct reply to your questions? I too am wondering if I need to pass data through a proxy DMZ server that is routed to a public IP to keep all remote devices up to date. Or do you just do an IPSEC VPN and disallow disconnection? I am day 1 into implementation so still poking around.

 

Curious what your architecture ended up as.

OwenW
New Contributor II

Thanks, Mohit, nice post. What about the Security Fabric glue, how does that work?

 

From the manual which I've skimmed but not grokked.

OwenW_0-1659459759292.png

 
