I was looking to see if anyone knows a way to clear up licenses from EMS using AD.
We have Windows 7 machines that we've been reimaging to Windows 10 or outright removing from AD, but we've noticed that a good chunk of the old hostnames are still in EMS, I assume taking up a license. Hopefully someone can help.
A quick heads up that in FortiClient EMS 7.0.2 you can automate this task, if desired, by configuring the number of days after the endpoint last contacted EMS to DeRegister the Endpoint and then configure the number of days after the endpoint was deregistered to Delete the Endpoint, freeing up the license. For example, if a client doesn't connect for 30 days, it is deregistered, and then if it doesn't return for another 30 days the endpoint is deleted, freeing up the license 60 days after last contact.
We currently have our license timeout in 7.0.1 set to 14 days.
Can you confirm the following: under the current license purge rules, if someone doesn't connect in 14 days, their license rolls off. But if they were to connect on day 15 and a license was available, wouldn't EMS just issue one?
My understanding is that under your scenario the client is deregistered after 14 days of inactivity but the license is not released yet. If the user re-registers during the subsequent 14 days, the original license will be reapplied. However, if they do not re-register during the subsequent 14 days, the license will be released back into the pool. If on day 29 (or any time after) the client re-registers, a license will be allocated from the pool back to the user and will be bound to that user for 28 days (14 days of inactivity to DeRegister and then 14 days to client deletion). This all assumes you have configured the automation; otherwise it is a manual process.
Having said that, my lab EMS is currently down and I'm unable to verify this for you.
There is a fair amount of explanation of these options in the EMS Admin guide under the section System Settings --> Configuring EMS Settings.