EMS only
When FortiClient has connected Telemetry to EMS only, DHCP onnet/offnet and On-Net Subnets settings in EMS affect on-net/off-net status. See the FortiClient EMS Administration Guide for details on these settings.
The following table shows how various configurations determine the endpoint status when FortiClient Telemetry is connected to EMS:
DHCP onnet/offnet |
On-net detection rules |
Option 224 serial number |
Resulting endpoint status |
---|---|---|---|
Disabled |
Not configured |
N/A |
Endpoint is onnet when registered to EMS. |
Enabled |
Not configured |
Not configured |
Endpoint is offnet when registered to EMS. |
Enabled |
Not configured |
Configured |
Onnet Since Option 224 is configured with a Fortinet device's serial number, EMS assumes FortiClient is onnet with that FortiGate. |
N/A |
Enabled, with subnet configured. |
N/A |
Onnet The endpoint is inside the onnet networks configured in the applied endpoint policy's on-net detection rules. |
N/A |
Enabled, with subnet configured. Endpoint IP address is not in the configured subnet. |
N/A |
Offnet The endpoint is outside the onnet networks configured in the applied endpoint policy's on-net detection rules. |
An endpoint has an offline offnet status when it cannot connect FortiClient Telemetry to EMS and is outside any of the onnet networks.
An endpoint has an offline onnet status when it cannot connect FortiClient Telemetry to EMS but is inside one of the onnet networks, or if no on-net settings are configured within the assigned policy.