In managed mode, FortiClient is connected to EMS or a FortiGate. Another option is to connect FortiClient to EMS and a FortiGate. In managed mode, FortiClient licensing is applied to the FortiGate or EMS. No separate license is required for FortiClient itself.
When connected only to EMS, EMS manages FortiClient. However, FortiClient cannot participate in network compliance or the Fortinet Security Fabric.
When connected to a FortiGate, FortiClient integrates with the Security Fabric to provide endpoint awareness, compliance, and enforcement by sharing endpoint telemetry regardless of device location, such as corporate headquarters or a café. At its core, FortiClient automates prevention of known and unknown threats through its built-in host-based security stack and integration with FortiSandbox. FortiClient also provides secure remote access to corporate assets via VPN with native two-factor authentication coupled with single sign on.
FortiClient works cooperatively with the Security Fabric. This is done by extending the Security Fabric down to the endpoints to secure them via security profiles, by sharing endpoint telemetry to increase awareness of where systems, users, and data reside within an organization, and by enabling the implementation of proper segmentation to protect these endpoints.
At regular intervals, FortiClient sends telemetry data to the nearest associated FortiGate. This visibility coupled with built-in controls from the FortiGate allows the security administrator to construct a policy to deny access to endpoints with known vulnerabilities or to quarantine compromised endpoints with a single click.