Fortinet black logo

EMS Administration Guide

Windows, macOS, and Linux licenses

Windows, macOS, and Linux licenses

FortiClient EMS supports per-endpoint and per-user licensing.

Note

You cannot use both license types on one FortiClient EMS instance.

The following are the latest license bundles for FortiClient EMS:

License name

Description

Endpoint Protection Platform (EPP)

Full license that offers all FortiClient features. Includes all features detailed for the zero trust network access (ZTNA) license, as well as antivirus (AV), antiransomware, antiexploit, cloud-based malware detection, Application Firewall, software inventory, USB device control, and advanced threat protection via FortiClient Cloud Sandbox.

Fortinet offers this license for both per-endpoint and per-user licensing.

ZTNA

Includes support for Fabric Agent for endpoint telemetry, security posture check via ZTNA tagging, remote access (SSL and IPsec VPN), Vulnerability Scan, Web Filter, and threat protection via Sandbox (appliance only).

Each purchased ZTNA license allows management of one FortiClient Windows, macOS, Linux, iOS, Android, or Chromebook endpoint. You must purchase a minimum of 25 endpoint licenses, and you can have these licenses for a maximum five year term. You can specify the number of endpoints and the term duration at time of purchase.

If you do not apply a ZTNA license to EMS, no endpoints can register to EMS.

Fortinet offers this license for both per-endpoint and per-user licensing.

FortiSASE

License that applies for deployments using FortiSASE. See FortiSASE.

FortiGuard Endpoint Forensics Analysis

The forensic service provides remote endpoint analysis to help endpoint customers respond to and recover from cyber incidents. For each engagement, forensic analysts from Fortinet’s FortiGuard Labs remotely assist in the collection, examination, and presentation of digital evidence, including a final detailed report.

This is an add-on license that you can apply to per-endpoint EPP, ZTNA, and FortiSASE licensing.

You can purchase different numbers of EPP and ZTNA licenses. For example, you can purchase 100 EPP licenses and 200 ZTNA licenses. EMS applies licenses based on the features that are enabled in the endpoint's assigned profile.

For per-user licenses, you can manually remove or exclude users from management to free up license seats. Each per-user license allows the user to register three devices. If a user registers a fourth device, they consume two licenses.

Note

When using per-user licensing, using user verification is recommended. See User Management. If an endpoint connects to EMS by specifying the EMS IP address or using an invitation code, without using user verification, EMS considers the locally logged-in user identity as consuming a user license.

The following shows a more comprehensive comparison between the features included in the EPP and ZTNA licenses:

Feature

EPP

ZTNA

Zero Trust Security

Zero Trust Agent

Yes

Yes

Central management via EMS

Yes

Yes

Dynamic Security Fabric connector

Yes

Yes

Vulnerability agent and remediation

Yes

Yes

SSL VPN with multifactor authentication (MFA)

Yes

Yes

IPsec VPN with MFA

Yes

Yes

Sandbox appliance

Yes

Yes

Next Generation Endpoint Security

AI-powered next generation AV

Yes

FortiClient Cloud Sandbox

Yes

Automated endpoint quarantine

Yes

Application inventory

Yes

Application Firewall

Yes

Software Inventory

Yes

You must purchase a license for each registered endpoint or user.

Related Videos

sidebar video

FortiClient 7.0 Licensing Overview

  • 1,822 views
  • 2 years ago

Windows, macOS, and Linux licenses

FortiClient EMS supports per-endpoint and per-user licensing.

Note

You cannot use both license types on one FortiClient EMS instance.

The following are the latest license bundles for FortiClient EMS:

License name

Description

Endpoint Protection Platform (EPP)

Full license that offers all FortiClient features. Includes all features detailed for the zero trust network access (ZTNA) license, as well as antivirus (AV), antiransomware, antiexploit, cloud-based malware detection, Application Firewall, software inventory, USB device control, and advanced threat protection via FortiClient Cloud Sandbox.

Fortinet offers this license for both per-endpoint and per-user licensing.

ZTNA

Includes support for Fabric Agent for endpoint telemetry, security posture check via ZTNA tagging, remote access (SSL and IPsec VPN), Vulnerability Scan, Web Filter, and threat protection via Sandbox (appliance only).

Each purchased ZTNA license allows management of one FortiClient Windows, macOS, Linux, iOS, Android, or Chromebook endpoint. You must purchase a minimum of 25 endpoint licenses, and you can have these licenses for a maximum five year term. You can specify the number of endpoints and the term duration at time of purchase.

If you do not apply a ZTNA license to EMS, no endpoints can register to EMS.

Fortinet offers this license for both per-endpoint and per-user licensing.

FortiSASE

License that applies for deployments using FortiSASE. See FortiSASE.

FortiGuard Endpoint Forensics Analysis

The forensic service provides remote endpoint analysis to help endpoint customers respond to and recover from cyber incidents. For each engagement, forensic analysts from Fortinet’s FortiGuard Labs remotely assist in the collection, examination, and presentation of digital evidence, including a final detailed report.

This is an add-on license that you can apply to per-endpoint EPP, ZTNA, and FortiSASE licensing.

You can purchase different numbers of EPP and ZTNA licenses. For example, you can purchase 100 EPP licenses and 200 ZTNA licenses. EMS applies licenses based on the features that are enabled in the endpoint's assigned profile.

For per-user licenses, you can manually remove or exclude users from management to free up license seats. Each per-user license allows the user to register three devices. If a user registers a fourth device, they consume two licenses.

Note

When using per-user licensing, using user verification is recommended. See User Management. If an endpoint connects to EMS by specifying the EMS IP address or using an invitation code, without using user verification, EMS considers the locally logged-in user identity as consuming a user license.

The following shows a more comprehensive comparison between the features included in the EPP and ZTNA licenses:

Feature

EPP

ZTNA

Zero Trust Security

Zero Trust Agent

Yes

Yes

Central management via EMS

Yes

Yes

Dynamic Security Fabric connector

Yes

Yes

Vulnerability agent and remediation

Yes

Yes

SSL VPN with multifactor authentication (MFA)

Yes

Yes

IPsec VPN with MFA

Yes

Yes

Sandbox appliance

Yes

Yes

Next Generation Endpoint Security

AI-powered next generation AV

Yes

FortiClient Cloud Sandbox

Yes

Automated endpoint quarantine

Yes

Application inventory

Yes

Application Firewall

Yes

Software Inventory

Yes

You must purchase a license for each registered endpoint or user.