In managed mode, FortiClient is connected to EMS or FortiGate. Another option is to connect FortiClient to EMS and FortiGate. In managed mode, FortiClient licensing is applied to FortiGate or EMS. No separate license is required for FortiClient itself.
When connected only to EMS, FortiClient is managed by EMS. However, FortiClient cannot participate in network compliance or Fortinet Security Fabric.
When connected to FortiGate, FortiClient integrates with Security Fabric to provide endpoint awareness, compliance, and enforcement by sharing endpoint telemetry regardless of device location, such as corporate headquarters or a cafÃ©. At its core, FortiClient automates prevention of known and unknown threats through its built-in host-based security stack and integration with FortiSandbox. FortiClient also provides secure remote access to corporate assets via VPN with native two-factor authentication coupled with single sign on.
FortiClient works cooperatively with Security Fabric. This is done by extending it down to the endpoints to secure them via security profiles, by sharing endpoint telemetry to increase awareness of where systems, users, and data reside within an organization, and by enabling the implementation of proper segmentation to protect these endpoints.
At regular intervals, FortiClient sends telemetry data to the nearest associated FortiGate. This visibility coupled with built-in controls from FortiGate allows the security administrator to construct a policy to deny access to endpoints with known vulnerabilities or to quarantine compromised endpoints with a single click.