Fortinet black logo

Compliance Guide

Home FortiClient 6.0.0 Compliance Guide
6.0.0
6.2.0
6.0.0
5.6.0
5.4.0

FortiClient with FortiGate and EMS

FortiClient with FortiGate and EMS

In this scenario, FortiClient establishes two Telemetry connections: to FortiGate and to EMS. EMS pushes configuration information in an endpoint profile to FortiClient, while FortiOS provides compliance rules.

FortiClient follows the endpoint profile configuration received from EMS. FortiClient settings are locked so the endpoint user cannot change any configuration. EMS is expected to provide a profile that configures FortiClient to comply with rules received from FortiOS. If any configuration does not comply, you must fix it in EMS.

EMS can also import a FortiClient Profile from FortiOS, then push the profile to FortiClient.

In FortiClient, if the configuration allows it, you can disconnect FortiClient from FortiOS. Only EMS can control the connection between FortiClient and EMS. You can disconnect FortiClient from EMS only in EMS.

FortiClient installers created in EMS are embedded with the EMS server's IP address. This allows the endpoint to connect FortiClient Telemetry to the specified EMS server. The connection between FortiClient and EMS is a management Telemetry connection using a Telemetry gateway list.

The following shows the EMS GUI in this scenario.

The following show the FortiClient 6.0 Compliance & Telemetry tab in this scenario when FortiClient is compliant with the compliance rules from FortiGate.

Previous
Next

FortiClient with FortiGate and EMS

In this scenario, FortiClient establishes two Telemetry connections: to FortiGate and to EMS. EMS pushes configuration information in an endpoint profile to FortiClient, while FortiOS provides compliance rules.

FortiClient follows the endpoint profile configuration received from EMS. FortiClient settings are locked so the endpoint user cannot change any configuration. EMS is expected to provide a profile that configures FortiClient to comply with rules received from FortiOS. If any configuration does not comply, you must fix it in EMS.

EMS can also import a FortiClient Profile from FortiOS, then push the profile to FortiClient.

In FortiClient, if the configuration allows it, you can disconnect FortiClient from FortiOS. Only EMS can control the connection between FortiClient and EMS. You can disconnect FortiClient from EMS only in EMS.

FortiClient installers created in EMS are embedded with the EMS server's IP address. This allows the endpoint to connect FortiClient Telemetry to the specified EMS server. The connection between FortiClient and EMS is a management Telemetry connection using a Telemetry gateway list.

The following shows the EMS GUI in this scenario.

The following show the FortiClient 6.0 Compliance & Telemetry tab in this scenario when FortiClient is compliant with the compliance rules from FortiGate.

Previous
Next