Fortinet black logo

Administration Guide

EMS only

EMS only

When FortiClient has connected Telemetry to EMS only, DHCP onnet/offnet and On-Net Subnets settings in EMS affect on-net/off-net status. See the FortiClient EMS Administration Guide for details on these settings.

The following table shows how various configurations determine the endpoint status when FortiClient Telemetry is connected to EMS:

EMS DHCP onnet/off-netsetting

EMS On-Net Subnets setting

Option 224 serial number

Resulting endpoint status

Disabled

Disabled

N/A

When on-net subnets are not configured, on-net/off-net status is related to the endpoint's online/offline status (whether it is connected to EMS). An online status causes the endpoint to be on-net, while an offline status causes the endpoint to be off-net.

Enabled

Disabled

Not configured

Same as above.

Enabled

Disabled

Configured

On-net

Since Option 224 is configured with a Fortinet device's serial number, EMS assumes FortiClient is on-net with that FortiGate.

Disabled or enabled

Enabled, with subnet configured.

Endpoint IP address is in the configured subnet.

Configured or not

On-net

The endpoint is inside the on-net networks configured in On-Net Subnets.

Disabled or enabled

Enabled, with subnet configured. Endpoint IP address is not in the configured subnet.

Configured or not

Off-net

The endpoint is outside the on-net networks configured in On-Net Subnets.

The following examples show how endpoint status is determined when FortiClient is connected to EMS only:

  • The endpoint has an offline and off-net status when the endpoint cannot connect FortiClient Telemetry to EMS and is outside one of the on-net networks.
  • The endpoint has an offline on-net status when the endpoint cannot connect FortiClient Telemetry to EMS but is inside one of the on-net networks.

On-net subnets have higher priority over other settings. In addition, EMS does not compare the Option 224 serial number. As long as the endpoint has the serial number, EMS assumes the endpoint is behind a FortiGate and is on-net.

EMS only

When FortiClient has connected Telemetry to EMS only, DHCP onnet/offnet and On-Net Subnets settings in EMS affect on-net/off-net status. See the FortiClient EMS Administration Guide for details on these settings.

The following table shows how various configurations determine the endpoint status when FortiClient Telemetry is connected to EMS:

EMS DHCP onnet/off-netsetting

EMS On-Net Subnets setting

Option 224 serial number

Resulting endpoint status

Disabled

Disabled

N/A

When on-net subnets are not configured, on-net/off-net status is related to the endpoint's online/offline status (whether it is connected to EMS). An online status causes the endpoint to be on-net, while an offline status causes the endpoint to be off-net.

Enabled

Disabled

Not configured

Same as above.

Enabled

Disabled

Configured

On-net

Since Option 224 is configured with a Fortinet device's serial number, EMS assumes FortiClient is on-net with that FortiGate.

Disabled or enabled

Enabled, with subnet configured.

Endpoint IP address is in the configured subnet.

Configured or not

On-net

The endpoint is inside the on-net networks configured in On-Net Subnets.

Disabled or enabled

Enabled, with subnet configured. Endpoint IP address is not in the configured subnet.

Configured or not

Off-net

The endpoint is outside the on-net networks configured in On-Net Subnets.

The following examples show how endpoint status is determined when FortiClient is connected to EMS only:

  • The endpoint has an offline and off-net status when the endpoint cannot connect FortiClient Telemetry to EMS and is outside one of the on-net networks.
  • The endpoint has an offline on-net status when the endpoint cannot connect FortiClient Telemetry to EMS but is inside one of the on-net networks.

On-net subnets have higher priority over other settings. In addition, EMS does not compare the Option 224 serial number. As long as the endpoint has the serial number, EMS assumes the endpoint is behind a FortiGate and is on-net.