Forticlient invitation code on public IP

lpi · ‎12-25-2023

Hello,

EMS is behind the firewall but the invitation code is based on the internal FQDN.

How can I solve this ? Manual entries are not allowed.

KR

Laurent

ozkanaltas · ‎12-25-2023

Hello @lpi ,

You can configure your public IP address or fqdn on EMS settings. After that, this invitation will be sent with a configured fqdn or IP.

https://docs.fortinet.com/document/forticlient/7.2.3/ems-administration-guide/319002/configuring-ems...

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

marcoperson_250 · ‎12-25-2023

Thank you for sharing valuable insight.

lpi · ‎12-25-2023

Hello,

I am of course already using the FQDN but with the internal server resolution.

If I put the external FQDN, all internal traffic will be also routed back to this VIP address instead of the local internal address. Moreover port 443 is not allowed on that external VIP.

KR

Laurent

ebilcari · ‎12-25-2023

You have to add an entry on the public DNS that resolves the FQDN of EMS to the public IP (VIP) you have configured in the firewall.

For the internal DNS you could configure the same FQDN to be resolved to the private IP address of the EMS.

port fwd.PNG

Since the initiation will contain the domain only, it will work for both clients in public and private network.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

Forticlient invitation code on public IP

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website