FortiClient EMS supports the following deployment scenarios: participating in the Fortinet Security Fabric or standalone.
This deployment requires a FortiGate and supports NAC. In this scenario, FortiClient Telemetry connects to EMS to receive a profile of configuration information as part of an endpoint policy. EMS connects to FortiGate to participate in the Security Fabric and allow endpoints to participate in the Fabric. The FortiGate can also receive dynamic endpoint group lists from EMS and use them to build dynamic firewall policies. Depending on the EMS Zero Trust tagging rules and policies configured in FortiOS, the FortiClient endpoint may be blocked from accessing the network.
Standalone mode does not require a FortiGate. In standalone mode, EMS deploys FortiClient on endpoints, and endpoints connect Telemetry to EMS to receive configuration information from EMS. EMS also sends Zero Trust tagging rules to FortiClient, and uses the results from FortiClient to dynamically group endpoints in EMS. You use EMS to deploy, configure, and monitor FortiClient endpoints.