Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

EMS only

When FortiClient has connected Telemetry to EMS only, DHCP onnet/offnet and On-Net Subnets settings in EMS affect on-net/off-net status. See the FortiClient EMS Administration Guide for details on these settings.

The following table shows how various configurations determine the endpoint status when FortiClient Telemetry is connected to EMS:

DHCP onnet/offnet

On-net detection rules

Option 224 serial number

Resulting endpoint status

Disabled

Not configured

N/A

Endpoint is on-net when registered to EMS.

Enabled

Not configured

Not configured

Endpoint is off-net when registered to EMS.

Enabled

Not configured

Configured

On-net

Since Option 224 is configured with a Fortinet device's serial number, EMS assumes FortiClient is on-net with that FortiGate.

N/A

Enabled, with subnet configured.

Endpoint IP address is in the configured subnet.

N/A

On-net

The endpoint is inside the on-net networks configured in the applied endpoint policy's on-net detection rules.

N/A

Enabled, with subnet configured. Endpoint IP address is not in the configured subnet.

N/A

Off-net

The endpoint is outside the on-net networks configured in the applied endpoint policy's on-net detection rules.

An endpoint has an offline off-net status when it cannot connect FortiClient Telemetry to EMS and is outside any of the on-net networks.

An endpoint has an offline on-net status when it cannot connect FortiClient Telemetry to EMS but is inside one of the on-net networks, or if no on-net settings are configured within the assigned policy.

EMS only

When FortiClient has connected Telemetry to EMS only, DHCP onnet/offnet and On-Net Subnets settings in EMS affect on-net/off-net status. See the FortiClient EMS Administration Guide for details on these settings.

The following table shows how various configurations determine the endpoint status when FortiClient Telemetry is connected to EMS:

DHCP onnet/offnet

On-net detection rules

Option 224 serial number

Resulting endpoint status

Disabled

Not configured

N/A

Endpoint is on-net when registered to EMS.

Enabled

Not configured

Not configured

Endpoint is off-net when registered to EMS.

Enabled

Not configured

Configured

On-net

Since Option 224 is configured with a Fortinet device's serial number, EMS assumes FortiClient is on-net with that FortiGate.

N/A

Enabled, with subnet configured.

Endpoint IP address is in the configured subnet.

N/A

On-net

The endpoint is inside the on-net networks configured in the applied endpoint policy's on-net detection rules.

N/A

Enabled, with subnet configured. Endpoint IP address is not in the configured subnet.

N/A

Off-net

The endpoint is outside the on-net networks configured in the applied endpoint policy's on-net detection rules.

An endpoint has an offline off-net status when it cannot connect FortiClient Telemetry to EMS and is outside any of the on-net networks.

An endpoint has an offline on-net status when it cannot connect FortiClient Telemetry to EMS but is inside one of the on-net networks, or if no on-net settings are configured within the assigned policy.