Fortinet black logo

EMS Administration Guide

Standalone FortiClient EMS

Standalone FortiClient EMS

The diagram below shows the topology when using FortiClient EMS in standalone mode.

In this scenario, EMS provides FortiClient endpoint provisioning. FortiClient connects Telemetry to EMS to receive configuration information in an endpoint profile as part of an endpoint policy from EMS. EMS also sends compliance verification rules to FortiClient, and use the results from FortiClient to dynamically group endpoints in EMS. Only EMS can control the connection between FortiClient and EMS. Any changes to the connection must be made from EMS, not FortiClient. When FortiClient is connected to EMS, FortiClient settings are locked so the endpoint user cannot change any configuration. To disconnect FortiClient from EMS, the EMS administrator must deregister the endpoint in EMS.

When viewing the endpoint in the EMS GUI, the endpoint's connection is shown as Managed by EMS.

The below shows the FortiClient GUI when FortiClient is connected to FortiClient EMS. You can also view the IP address, hostname, and serial number of the FortiClient EMS to which FortiClient Telemetry is connected. This means FortiClient EMS can push profiles to FortiClient. FortiClient EMS is providing endpoint provisioning to FortiClient.

Standalone FortiClient EMS

The diagram below shows the topology when using FortiClient EMS in standalone mode.

In this scenario, EMS provides FortiClient endpoint provisioning. FortiClient connects Telemetry to EMS to receive configuration information in an endpoint profile as part of an endpoint policy from EMS. EMS also sends compliance verification rules to FortiClient, and use the results from FortiClient to dynamically group endpoints in EMS. Only EMS can control the connection between FortiClient and EMS. Any changes to the connection must be made from EMS, not FortiClient. When FortiClient is connected to EMS, FortiClient settings are locked so the endpoint user cannot change any configuration. To disconnect FortiClient from EMS, the EMS administrator must deregister the endpoint in EMS.

When viewing the endpoint in the EMS GUI, the endpoint's connection is shown as Managed by EMS.

The below shows the FortiClient GUI when FortiClient is connected to FortiClient EMS. You can also view the IP address, hostname, and serial number of the FortiClient EMS to which FortiClient Telemetry is connected. This means FortiClient EMS can push profiles to FortiClient. FortiClient EMS is providing endpoint provisioning to FortiClient.