Configuring Server settings
To configure Server settings:
- Go to System Settings > Server.
- Configure the following options:
Displays the FortiClient EMS server's host name.
Listen on IP
Displays the IP addresses for the FortiClient EMS server. FortiClient connects to FortiClient EMS on the specified IP address.
Listen on port
Displays the default port for the FortiClient EMS server. You can change the port by typing a new port number. FortiClient connects using the specified port number.
Displays the default port used for FortiClient to upload large amounts of data (100+ KB of data per connection) to FortiClient EMS. You can change the port by typing a new port number.
Turn on to specify a fully qualified domain name (FQDN) for the FortiClient EMS server.
Displayed when Use FQDN is turned on. Type the FQDN for the FortiClient EMS server. FortiClient can connect using the specified IP address in the Listen on IP Addresses option or the specified FQDN.
Enable to monitor endpoints within the company network (on-net).
Endpoints connected to FortiClient EMS from outside the company network are off-net endpoints.
There are two settings in EMS that affect the FortiClient on-net/off-net status:
- DHCP on-net/off-net setting in EMS
- Subnet setting in EMS
DHCP on-net/off-net setting
Option 224 serial number
Option not configured
Off or on
Yes and match
Configured or not
Off or on
Yes and do not match
Configured or not
- no: subnet setting in EMS is disabled
- yes: subnet setting in EMS is configured
- match: client has an IP address in the configured EMS subnet
- not match: client has an IP address not in the configured EMS subnet
The following are examples on how FortiClient determines the endpoint when FortiClient is connected to EMS only. For details on how FortiClient determines on-net/off-net status in managed mode with FortiGate and FortiClient EMS, see the FortiClient Administration Guide.
- An endpoint has a status of offline when it cannot connect FortiClient Telemetry to EMS and is outside one of the on-net networks.
- An endpoint has a status of offline but on-net when it cannot connect FortiClient Telemetry to EMS but is inside one of the on-net networks.
Option 224 can have any Fortinet device's serial number. EMS assumes FortiClient is behind a FortiGate and on-net with that FortiGate.
Remote HTTPS access
Specify settings for remote administration access to FortiClient EMS.
Turn remote HTTPS access to FortiClient EMS console on and off. When enabled, type a host name in the Custom Host Name box to let administrators use a browser and HTTPS to log into the FortiClient EMS console. When disabled, administrators can only log into FortiClient EMS console on the server.
Available when Remote Administration HTTPS Access is turned on. Displays the pre-defined host name. The name cannot be changed.
Available when Remote Administration HTTPS Access is turned on. Displays the pre-defined host name of the server on which FortiClient EMS is installed. You can customize the host name. When you change the host name, the web server restarts.
Redirect HTTP request to HTTPS
Available when Remote Administration HTTPS Access is turned on. If this option is enabled, if you attempt to remotely access EMS at http://<server_name>, this is automatically redirected to https://<server_name>.
FortiClient download URL
FortiClient installers created in FortiClient EMS will be made available for download at the URL.
Open port 10443 in Windows Firewall
Turn on to open port 10443, and turn off to close port 10443. Port 10443 is used to download FortiClient.
Displays the SSL certificate currently imported. If you have not imported an SSL certificate, a No SSL certificate imported message displays.
New SSL Certificate File
Upload a new SSL certificate.
New SSL Private Key
Upload a new SSL private key.
Sign software packages
Enable this option to have Windows FortiClient software installers created by or uploaded to EMS digitally signed with a code signing certificate.
Enter the server address to timestamp software installers with.
Upload the desired code signing certificate. This must be a .pfx file. After a certificate has been uploaded, its expiry date is also displayed.
Enter the certificate password. This is required for EMS to sign the software installers with the certificate.
- Click Save.