I've been tasked by my company to investigate the deployment of Forticlient EMS (Enterprise Management Server).
I realise that Forticlient EMS does alot of things though initially it will be used by my company to manage the Forticlient licenses.
The company currently uses a SSL VPN connection directly onto a Fortigate and uses the free version of the Forticlient.
They want to migrate to use the full FortiClient licenses version and then gradually rollout the appropriate functionality.
I have found the QuickStart Guide here:
I'm looking for a high level overview of how the Forticlient EMS works but can't find a resource on the Fortinet site that gives me that!
I have found diagrams like the following showing the traffic flows between the Forticlient, Fortigate, Fortclient EMS and AD.
However, they don't answer alot of my questions I have.
I wonder if the forum will be able to help by either explaining to me here or posting links that they know of.
To be more specific, these are my questions:
a) When a user is at home and logs on using the Forticlient, does the user connect to the EMS Server or the Fortigate Firewall or both?
I'm asking this as I want to know whether an external firewall policy needs to be built on a firewall to allow external access to the EMS Server.
Also, I'm unsure as to whether the current configuration on the fortigate for the SSLVPN would still be required after the EMS Server is setup.
My initial reading suggests that the Forticlient is creating connections to both the EMS Server and the Fortigate firewall.
b) Am I correct that one uses the Security Fabric on the Fortigate to connect the EMS Server and the Fortigate together.
c) What are the traffic flows when a Forticlient users connects to a "FortiClient EMS integrated with FortiGate" setup.
Any other advice that experienced users have that they think would be useful for a newbee EMS Server user would be much appreciated.