Fortinet black logo

Administration Guide

Home FortiClient 6.2.2 Administration Guide
6.2.2
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.4
6.2.3
6.2.2
6.2.1
6.2.0
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0

EMS only

EMS only

When FortiClient has connected Telemetry to EMS only, DHCP onnet/offnet and On-Net Subnets settings in EMS affect on-net/off-net status. See the FortiClient EMS Administration Guide for details on these settings.

The following table shows how various configurations determine the endpoint status when FortiClient Telemetry is connected to EMS:

DHCP onnet/offnet

On-net detection rules

Option 224 serial number

Resulting endpoint status

Disabled

Not configured

N/A

Endpoint is onnet when registered to EMS.

Enabled

Not configured

Not configured

Endpoint is offnet when registered to EMS.

Enabled

Not configured

Configured

Onnet

Since Option 224 is configured with a Fortinet device's serial number, EMS assumes FortiClient is onnet with that FortiGate.

N/A

Enabled, with subnet configured.

Endpoint IP address is in the configured subnet.

N/A

Onnet

The endpoint is inside the onnet networks configured in the applied endpoint policy's on-net detection rules.

N/A

Enabled, with subnet configured. Endpoint IP address is not in the configured subnet.

N/A

Offnet

The endpoint is outside the onnet networks configured in the applied endpoint policy's on-net detection rules.

An endpoint has an offline offnet status when it cannot connect FortiClient Telemetry to EMS and is outside any of the onnet networks.

An endpoint has an offline onnet status when it cannot connect FortiClient Telemetry to EMS but is inside one of the onnet networks, or if no on-net settings are configured within the assigned policy.

Previous
Next

EMS only

When FortiClient has connected Telemetry to EMS only, DHCP onnet/offnet and On-Net Subnets settings in EMS affect on-net/off-net status. See the FortiClient EMS Administration Guide for details on these settings.

The following table shows how various configurations determine the endpoint status when FortiClient Telemetry is connected to EMS:

DHCP onnet/offnet

On-net detection rules

Option 224 serial number

Resulting endpoint status

Disabled

Not configured

N/A

Endpoint is onnet when registered to EMS.

Enabled

Not configured

Not configured

Endpoint is offnet when registered to EMS.

Enabled

Not configured

Configured

Onnet

Since Option 224 is configured with a Fortinet device's serial number, EMS assumes FortiClient is onnet with that FortiGate.

N/A

Enabled, with subnet configured.

Endpoint IP address is in the configured subnet.

N/A

Onnet

The endpoint is inside the onnet networks configured in the applied endpoint policy's on-net detection rules.

N/A

Enabled, with subnet configured. Endpoint IP address is not in the configured subnet.

N/A

Offnet

The endpoint is outside the onnet networks configured in the applied endpoint policy's on-net detection rules.

An endpoint has an offline offnet status when it cannot connect FortiClient Telemetry to EMS and is outside any of the onnet networks.

An endpoint has an offline onnet status when it cannot connect FortiClient Telemetry to EMS but is inside one of the onnet networks, or if no on-net settings are configured within the assigned policy.

Previous
Next