Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiExtender
- FortiGuest
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiSRA
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiScan
- FortiSandbox
- FortiSASE
- FortiTester
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiVoice
- FortiWAN
- FortiToken
- FortiWeb
- Wireless Controller
- FortiAppSec Cloud
- RMA Information and Announcements
- Lacework
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Re: Retrieving forticlient user's public IP addres...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Retrieving forticlient user's public IP address via EMS?
Hello,
In the EMS portal you can see the public IP of each registered forticlient user (on or off VPN), it's obviously collected data. Unfortunately the API only retrieves their local network IP address. Is there anyway to fetch the public IP address of a user that is not connected to VPN? Some useful scripting that could be done. I also noticed in FortiGate the endpoints API endpoint seems to have similar data, short of a public IP address.
Just curious if anyone knew if this was doable with the tools available via FortiClient EMS.
EDIT: Others have added replies and context expanding on my initial request. The idea of ingesting the active public IPs of all FortiClient agents (NOT connected to VPN) into a dynamic object list/group to be used for policies is spot on in what I'd ultimately like to do. There would be real value in having public policies locked down to the active public IP of all employees, provided that dynamic list is updated at a frequent interval. It would also be nice to use as a whitelist to access SSLVPN to cut down on the endless brute force attempts.
Labels:
- Labels:
-
FortiClient
-
FortiClient EMS
-
FortiGate
2331
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello rjcou1,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Anthony-Fortinet Community Team.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello rjcou1,
We are still looking for someone to help you.
We will come back to you ASAP.
Regards,
Anthony-Fortinet Community Team.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello rjcou1,
I have found this document which can help you:
Tell us if it is not and we will continue to investigate.
Regards,
Anthony-Fortinet Community Team.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
The answer to the OP's original question would be useful to me too, but the link provided by Anthony is irrelevant in my opinion.
The nicest thing would be to collect the Public IP list of FortiClients to the integrated Fortigate via the Fabric Connector in a dynamic address group ( same Device IP and MAC addresses lists)
This could obviously be used in various source IP/MAC Based Access Control based rules
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
link provided is irrelevant as GaboBast1 mentioned. This would be very helpful as we can use this in many control/firewall rules.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fort iClient public IP, which is the end user's public IP, is not visible in Forti Analyzer traffic logs. Only the private IP is displayed. Is there a reason for this?
SJ
SJ
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi all,
I had a similar idea and have explored the options regarding this topic—specifically, implementing whitelists for SSL VPN connections based on a dynamically populated IP list. This approach leverages the FortiGate Threat Feed to pull a list of IPs hosted via HTTP/HTTPS.
As you mentioned, Fortinet EMS indeed displays the public IP of connected devices in the GUI. By utilizing browser developer tools, we can see that it is possible to pull back the JSON data for each device, which contains the field:
"public_ip_addr"
API Endpoint Example:
https://fctems.fortidemo.com/api/v1/client_users/311/details
CSV Export for Device Details
Upon further exploration of the GUI, I discovered that we can download a CSV file containing the details of connected devices
Using browser tools to inspect the web request for this download, we can identify the following endpoint:
EXPORT_URL = "https://fctems.fortidemo.com/api/v1/endpoints/export"
The file downloaded is a ZIP archive containing a CSV file, which includes the public IP addresses of the EMS-connected devices. :smiling_face_with_smiling_eyes:
Automating the Process
To automate this process, I implemented the following approach:
- Authenticate via API:
A session cookie is obtained by authenticating with a username and password using a POST request, just as the EMS GUI does during a login.
- Request the Export File:
With the session cookie, a GET request is made to the identified export URL. This allows us to download the ZIP file.
- Parse Public IPs:
After unzipping the file, we parse the CSV to extract the public_ip_addr field and write the values to a text file.
Next Steps: Using the IP List
Once the public IPs are saved to a text file, you can serve this file dynamically via HTTP/HTTPS. If necessary, the service can be protected using basic authentication. This allows you to pull down the IP list dynamically and update the FortiGate address list using APIs or other means.
You can reference additional details on external threat feeds in this Fortinet Community thread. - https://community.fortinet.com/t5/FortiGate/Technical-Tip-External-threat-list-threat-feed-blocked-v...
Proof of Concept Script
If you're interested, I’ve created a simple proof of concept script using the Fortinet EMS public demo as a target. The credentials in the script are placeholders for your own environment, so please do not misuse this demo system.
https://github.com/luterpt/Forti-EMS-Pull-Public-Ips.git
Example Output
When you run the script, it will take the following steps to populate the public_ips.txt file:
[*] Logging in to EMS...
[*] Login success. Session cookies obtained.
[*] Downloading endpoints export...
[*] Export ZIP saved as: endpoints_export.zip
[*] Files extracted to 'exported_files'
[*] Parsing CSV: exported_files\endpoints.csv
[*] Found 20 public IP(s). Saved to public_ips.txt.
I hope this helps! Let me know if you’d like further assistance or enhancements to the script. :smiling_face_with_smiling_eyes:
I hope this helps :)
This is probably a messy way of doing things and its probably better to use the API programmatically but I don’t see any other solutions being posted so there ya go,
Cheers
Ben
Labels
-
FortiGate
9,196 -
FortiClient
1,871 -
5.2
801 -
FortiManager
788 -
5.4
639 -
FortiAnalyzer
593 -
FortiSwitch
504 -
FortiAP
491 -
FortiClient EMS
462 -
6.0
416 -
5.6
362 -
FortiMail
335 -
SSL-VPN
281 -
IPsec
258 -
6.2
251 -
FortiAuthenticator v5.5
234 -
FortiWeb
219 -
FortiNAC
215 -
5.0
196 -
FortiGuard
146 -
SD-WAN
133 -
6.4
128 -
FortiAuthenticator
126 -
FortiGateCloud
103 -
FortiCloud Products
102 -
FortiSIEM
100 -
Firewall policy
97 -
FortiToken
96 -
Wireless Controller
84 -
Customer Service
81 -
FortiProxy
71 -
High Availability
67 -
4.0MR3
64 -
Fortivoice
60 -
FortiEDR
60 -
FortiADC
56 -
vlan
54 -
ZTNA
54 -
Routing
53 -
DNS
51 -
LDAP
47 -
FortiSandbox
46 -
FortiExtender
46 -
BGP
46 -
RADIUS
45 -
SAML
45 -
Authentication
44 -
NAT
43 -
FortiDNS
42 -
SSO
42 -
Certificate
42 -
FortiGate-VM
38 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
VDOM
34 -
fortilink
33 -
FortiConnect
32 -
Interface
32 -
Application control
32 -
Virtual IP
28 -
FortiWAN
27 -
Logging
27 -
Web profile
27 -
FortiConverter
26 -
FortiGate v5.2
24 -
FortiPAM
24 -
SSL SSH inspection
23 -
FortiPortal
22 -
Fortigate Cloud
21 -
Traffic shaping
20 -
FortiSwitch v6.2
19 -
Automation
19 -
Static route
19 -
FortiMonitor
18 -
SSID
18 -
snmp
17 -
OSPF
16 -
WAN optimization
16 -
FortiDDoS
15 -
System settings
15 -
FortiGate v5.0
14 -
FortiSOAR
14 -
FortiCASB
14 -
Admin
14 -
Security profile
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
FortiManager v5.0
12 -
Proxy policy
12 -
FortiRecorder
11 -
IPS signature
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
Explicit proxy
10 -
Traffic shaping policy
10 -
FortiAP profile
10 -
Intrusion prevention
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Port policy
9 -
FortiDeceptor
8 -
FortiCache
8 -
RMA Information and Announcements
8 -
DNS filter
8 -
Antivirus profile
8 -
Traffic shaping profile
8 -
Web rating
8 -
Fortinet Engage Partner Program
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
API
7 -
trunk
7 -
Users
7 -
Fabric connector
7 -
FortiToken Cloud
6 -
Packet capture
6 -
FortiCarrier
5 -
FortiScan
5 -
FortiTester
5 -
Application signature
5 -
Authentication rule and scheme
5 -
Email filter profile
5 -
3.6
4 -
FortiDirector
4 -
Internet service database
4 -
NAC policy
4 -
DLP sensor
4 -
Netflow
4 -
Protocol option
4 -
TACACS
4 -
Replacement messages
4 -
Service
4 -
Multicast routing
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
SDN connector
3 -
VoIP profile
3 -
Multicast policy
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Zone
2 -
Vulnerability Management
2 -
FortiGuest
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
File filter
1 -
ICAP profile
1 -
Virtual wire pair
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1922 | |
| 1144 | |
| 769 | |
| 447 | |
| 277 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.