Fortinet Document Library


EMS Administration Guide

Adding endpoints

Adding endpoints using an AD domain server

You can manually import endpoints from an AD server. FortiClient EMS imports and synchronizes information about computer accounts with an LDAP or LDAPS service, so you add endpoints by identifying those that are part of an AD domain server.

A video on how to add a domain is available in the Fortinet Video Library.

You can add the entire domain or an OU from the domain.

To add endpoints using an AD domain server:
  1. Go to Endpoints > Manage Domains > Add. The Domain pane displays.
  2. Configure the following options:

    IP address/Hostname: Enter the domain's IP address or hostname.
    Port: Enter the port number.
    Distinguished name: Enter the distinguished name (optional). You must use only capital letters when configuring the DN.
    Bind type: Select the bind type: Simple, Anonymous, or Regular. When you select Regular, you must enter the Username and Password.
    Username: Available when Bind type is set to Regular. Enter the username.
    Password: Available when Bind type is set to Regular. Enter the user password.
    Show Password: Available when Bind type is set to Regular. Turn on and off to show or hide the password.
    LDAPS connection: Turn on to enable a secure connection protocol when Bind type is set to Regular.
    Sync every: Enter the sync schedule between FortiClient EMS and the domain in minutes. The default is ten minutes.

  3. Click Test to test the domain settings connection.
  4. If the test is successful, select Save to save the new domain. If not, correct the information as required, then test the settings again.
Note

After importing endpoints from an AD server, you can edit the endpoints. These changes do not sync back to the AD server.

Connecting manually from FortiClient

Endpoint users can manually connect FortiClient Telemetry to FortiClient EMS by specifying the IP address for FortiClient EMS in FortiClient. This process is sometimes called registering FortiClient to FortiClient EMS.

To manually connect to EMS from FortiClient:
  1. In FortiClient on the endpoint, go to the Fabric Telemetry tab.
  2. In the EMS IP box, enter the EMS IP address, and click Connect. FortiClient connects to FortiClient EMS.

For information about FortiClient, see the FortiClient Administration Guide.

Note

The FortiClient Telemetry gateway port may be appended to the gateway list address on FortiClient, separated by a colon. When the port is not provided, FortiClient attempts to connect to the given IP address using the default port. The default connection port in FortiClient 6.0 and 6.2 is 8013. By default, FortiClient EMS listens for connections on port 8013.
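The address and port rule in this note can be checked before troubleshooting a manual connection. The following is an added example, not Fortinet code: it resolves an entry to a host and port the way the note describes and tests whether a TCP connection can be opened. The function names and the bracketed IPv6 form are assumptions of this sketch.

```python
import socket
import sys

DEFAULT_TELEMETRY_PORT = 8013  # default port given in the note above


def parse_gateway(entry):
    """Split an 'address[:port]' gateway entry into (host, port)."""
    entry = entry.strip()
    if not entry:
        raise ValueError("empty gateway entry")
    if entry.startswith("["):  # assumed form for IPv6 with a port: [addr]:port
        host, closed, rest = entry[1:].partition("]")
        if not closed or not host or (rest and not rest.startswith(":")):
            raise ValueError(f"malformed bracketed address: {entry!r}")
        port_text = rest[1:] if rest else None
    elif entry.count(":") == 1:  # hostname or IPv4 followed by a port
        host, _, port_text = entry.partition(":")
    else:  # no port appended (a bare IPv6 address also lands here)
        host, port_text = entry, None
    if port_text is None:
        return host, DEFAULT_TELEMETRY_PORT
    if not (host and port_text.isascii() and port_text.isdigit()
            and 1 <= int(port_text) <= 65535):
        raise ValueError(f"invalid host or port in {entry!r}")
    return host, int(port_text)


def probe(entry, timeout=3.0):
    """Return (host, port, reachable) after one TCP connect attempt."""
    host, port = parse_gateway(entry)
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return host, port, True
    except OSError:  # refused, timed out, unresolvable name, no route
        return host, port, False


if __name__ == "__main__":
    # Constructed sample entries (documentation addresses), used when no
    # arguments are given; they are only parsed, never contacted.
    samples = ["192.0.2.10", "ems.example.com:8443", "[2001:db8::1]:8013"]
    for arg in sys.argv[1:]:
        print(arg, "->", probe(arg))
    if len(sys.argv) == 1:
        for s in samples:
            print(s, "->", parse_gateway(s))
```

A successful TCP connect only shows that something is listening on that port; it does not confirm the listener is FortiClient EMS.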

Note

It is considered best practice to add endpoints using an AD domain server. Connecting FortiClient to FortiClient EMS manually is only recommended for troubleshooting purposes.
