Dear all,
I'm new to FortiEMS. I have done the fresh installment as a VM using the trial license.
Our current architecture is: FortiGate + FortiAuthenticator.
The user are connecting to VPN (SSL-VPN) using FortiGate + FortiClient and FortiAuthenticator as a MFA.
We want also to add FortiEMS as a layer to do a posture check for the device prior of giving them permissions to connect remotely to the company resources. We have users with a company joined AD laptop + BYOD devices.
I'm trying to understand:
1- Where will the FortiEMS stand in the "big picture" at the architecture level ? Will it replace any of the components ?
2- Do i need to connect FortiEMS with FortiGate ? If yes, will i have any impact since i do not have a test env and FortiGate is directly in production.
3- Do i need anymore the FortiAuthenticator ?
Thank You in advance
#FortiEMS
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello
1- You put FortiClient EMS typically in the DMZ, since it is accessible from outside (HTTPS for client download + telemetry for external clients).
As you may know FortiClient has multiple features (VPN, AV, Vulerability scan, ZTNA and so), and one of the components it may replace on your clients is the anti-malware, if needed.
2- You need to connect EMS to FortiGate via fabric connector without any risk and this will have no impact on the production.
3- FortiClient EMS will not replace FortiAuthenticator, as EMS doesn't do central authentication, certificate authority, RADIUS, MFA, token management and so. If you are using FAC then you will continue to use it as before.
Hope it helps.
In case you have "FortiClient VPN" on the clients or an older "FortiClient" version then yes you will need to replace it.
Hello
1- You put FortiClient EMS typically in the DMZ, since it is accessible from outside (HTTPS for client download + telemetry for external clients).
As you may know FortiClient has multiple features (VPN, AV, Vulerability scan, ZTNA and so), and one of the components it may replace on your clients is the anti-malware, if needed.
2- You need to connect EMS to FortiGate via fabric connector without any risk and this will have no impact on the production.
3- FortiClient EMS will not replace FortiAuthenticator, as EMS doesn't do central authentication, certificate authority, RADIUS, MFA, token management and so. If you are using FAC then you will continue to use it as before.
Hope it helps.
Thank You for your response. Having this in mind, the only thing i need to do is to replace the existing FortiClient on user's endpoint with the new one ?
In case you have "FortiClient VPN" on the clients or an older "FortiClient" version then yes you will need to replace it.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.