Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
lpi
New Contributor II

Forticlient invitation code on public IP

Hello,

EMS is behind the firewall but the invitation code is based on the internal FQDN.

How can I solve this ? Manual entries are not allowed.

KR

Laurent

4 REPLIES 4
ozkanaltas
Contributor III

Hello @lpi ,

 

You can configure your public IP address or fqdn on EMS settings. After that, this invitation will be sent with a configured fqdn or IP. 

 

https://docs.fortinet.com/document/forticlient/7.2.3/ems-administration-guide/319002/configuring-ems...

 

 

image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE4-5-6-7 OT Sec - ENT FW
marcoperson_250

Thank you for sharing valuable insight.

lpi
New Contributor II

Hello,

I am of course already using the FQDN but with the internal server resolution.

If I put the external FQDN, all internal traffic will be also routed back to this VIP address instead of the local internal address. Moreover port 443 is not allowed on that external VIP.

KR

Laurent

ebilcari

You have to add an entry on the public DNS that resolves the FQDN of EMS to the public IP (VIP) you have configured in the firewall.

For the internal DNS you could configure the same FQDN to be resolved to the private IP address of the EMS.

port fwd.PNG

Since the initiation will contain the domain only, it will work for both clients in public and private network.

invite.PNG

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
Labels
Top Kudoed Authors