Created on 12-19-2023 02:06 AM Edited on 02-26-2024 05:14 AM By Kate_M
Hello everyone!
Please help me if anyone has experience or has worked with implementing Fortinet ZTNA. I want to implement ZTNA in my network, but I don't know which subscription is necessary for that. Do I need a valid subscription on my FortiGate? Which subscription should I purchase for endpoints or FortiClient EMS?
Can anyone from Fortinet Support help me? I need a comprehensive guide, please.
Thanks.
Hello @FNT_Learner ,
You don't need an additional FortiGate license for ZTNA, but you should buy a FortiClientEMS VPN/ZTNA license for endpoints. If you want to use additional features on FortiClient, you can review this table and select the license that is best for you.
If you want to try ZTNA, you can install FortiClientEMS with your support account. FortiClientEMS always provides a free trial for 3 clients.
Hi ozkanaltas, thank you for your quick response. So the only license that is needed is the FortiClientEMS VPN/ZTNA license, and this should be applied just on EMS, not on clients. Is that correct? And what about the clients, do they need any license for enabling ZTNA functionality on them? As far as I know, we need a license for endpoints and another license for EMS to manage them. Is that right?
Created on 12-19-2023 02:56 AM Edited on 12-19-2023 02:59 AM
Hi @FNT_Learner ,
Actually, you should buy a FortiClientEMS license up to your client count. If you look at the FortiClientEMS data sheet, you can see the client package up to your client count. Your clients will get their licenses from FortiClientEMS.
FortiClientEMS is the only management console for FortiClient. Also, EMS shares your client's ZTNA tag and client certificate with FortiGate. In this way, trust is established between FortiGate and the client.
Also, you have two options for the FortiClientEMS deployment method: cloud and self-hosted. If you select a cloud-based license, this license type is user-based. You can install 3 machines (computer, cell phone, tablet) with the same username. But if you choose self-hosted, this license is device-based. You should buy up to your device count.
These licenses are stackable. For example, if you need 100 client licenses, you can buy 25 packs x 4.
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/forticlient.pdf
Thank you. I plan to deploy the EMS server on-prem. Are there any additional tips that you want to tell me?
My advice is to first install FortiClient EMS with a trial license in your lab or prod environment. Try some scenarios related to your request. After that, purchase a prod license.
In the installation stage, you can follow this document. Be especially careful when installing Windows Server. The language, time, and currency format settings should be "English (United States)". Based on my past experience, do not install anything on this server. When different programs are installed, EMS may sometimes cause errors during installation.
If my answer provided a solution for you, please do not forget to mark it as a solution so that others can benefit from it.
Thank you ozkanaltas.
Hello ozkanaltas,
Would you please tell me about licensing for EPP/APT? If I want to have a subscription for this product, what licenses should I purchase? And which device is responsible for distributing updates to clients, FortiGate or EMS? If FortiGate is responsible for that, does it need a license too?
Hello @FNT_Learner ,
EMS is responsible for the updates.
If you want to use the ZTNA feature, you can buy only the ZTNA license. If you want additional features, for example, antivirus, USB device control, or ransomware protection, you should buy the EPP/APT license. You can see the difference between these licenses in the screenshot.