The following deployment options for EMS are supported: standalone or integrated with FortiGate.
In standalone mode, a FortiGate device is not required, and network access control (NAC) is not supported. In standalone mode, EMS deploys FortiClient software on endpoints, and FortiClient endpoints connect FortiClient Telemetry to EMS to receive configuration information from EMS. EMS is used to deploy, configure, and monitor FortiClient endpoints.
In integrated mode, a FortiGate device is required, and NAC is supported. In integrated mode, EMS deploys FortiClient software on endpoints, and FortiClient endpoints connect FortiClient Telemetry to FortiGate to receive compliance rules. FortiClient endpoints also connect to EMS to be managed. After FortiClient endpoints are connected, compliance rules are downloaded from FortiGate to the endpoint. EMS might also push a profile of FortiClient configuration information to endpoints. FortiClient endpoints are now managed, and NAC is enforced.
FortiClient uses the compliance rules from FortiGate to communicate whether the endpoint is compliant. If an endpoint fails to meet the compliance rules, the steps required to remain compliant are communicated. For more information, see the FortiClient Administration Guide.