Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • CLI Reference

    7.2.2
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config endpoint-control fctems

    config endpoint-control fctems

    Configure FortiClient Enterprise Management Server (EMS) entries.

    config endpoint-control fctems

    Description: Configure FortiClient Enterprise Management Server (EMS) entries.

    edit <ems-id>

    set status [enable|disable]

    set name {string}

    set dirty-reason [none|mismatched-ems-sn]

    set fortinetone-cloud-authentication [enable|disable]

    set server {string}

    set https-port {integer}

    set serial-number {string}

    set tenant-id {string}

    set source-ip {ipv4-address-any}

    set pull-sysinfo [enable|disable]

    set pull-vulnerabilities [enable|disable]

    set pull-avatars [enable|disable]

    set pull-tags [enable|disable]

    set pull-malware-hash [enable|disable]

    set cloud-server-type [production|alpha|...]

    set capabilities {option1}, {option2}, ...

    set call-timeout {integer}

    set out-of-sync-threshold {integer}

    set websocket-override [disable|enable]

    set preserve-ssl-session [enable|disable]

    set interface-select-method [auto|sdwan|...]

    set interface {string}

    next

    end

    config endpoint-control fctems

    Parameter

    Description

    Type

    Size

    Default

    status

    Enable or disable this EMS configuration.

    option

    -

    disable

    Option

    Description

    enable

    Enable EMS configuration and operation.

    disable

    Disable EMS configuration and operation.

    name

    FortiClient Enterprise Management Server (EMS) name.

    string

    Not Specified

    dirty-reason

    Dirty Reason for FortiClient EMS.

    option

    -

    none

    Option

    Description

    none

    FortiClient EMS entry not dirty.

    mismatched-ems-sn

    FortiClient EMS entry dirty because EMS SN is mismatched with configured SN.

    fortinetone-cloud-authentication

    Enable/disable authentication of FortiClient EMS Cloud through FortiCloud account.

    option

    -

    disable

    Option

    Description

    enable

    Enable authentication of FortiClient EMS Cloud through the use of FortiCloud account.

    disable

    Disable authentication of FortiClient EMS Cloud through the use of FortiCloud account.

    server

    FortiClient EMS FQDN or IPv4 address.

    string

    Not Specified

    https-port

    FortiClient EMS HTTPS access port number. .

    integer

    Minimum value: 1 Maximum value: 65535

    443

    serial-number

    EMS Serial Number.

    string

    Not Specified

    tenant-id

    EMS Tenant ID.

    string

    Not Specified

    source-ip

    REST API call source IP.

    ipv4-address-any

    Not Specified

    0.0.0.0

    pull-sysinfo

    Enable/disable pulling SysInfo from EMS.

    option

    -

    enable

    Option

    Description

    enable

    Enable pulling FortiClient user SysInfo from EMS.

    disable

    Disable pulling FortiClient user SysInfo from EMS.

    pull-vulnerabilities

    Enable/disable pulling vulnerabilities from EMS.

    option

    -

    enable

    Option

    Description

    enable

    Enable pulling client vulnerabilities from EMS.

    disable

    Disable pulling client vulnerabilities from EMS.

    pull-avatars

    Enable/disable pulling avatars from EMS.

    option

    -

    enable

    Option

    Description

    enable

    Enable pulling FortiClient user avatars from EMS.

    disable

    Disable pulling FortiClient user avatars from EMS.

    pull-tags

    Enable/disable pulling FortiClient user tags from EMS.

    option

    -

    enable

    Option

    Description

    enable

    Enable pulling FortiClient user tags from EMS.

    disable

    Disable pulling FortiClient user tags from EMS.

    pull-malware-hash

    Enable/disable pulling FortiClient malware hash from EMS.

    option

    -

    enable

    Option

    Description

    enable

    Enable pulling FortiClient malware hash from EMS.

    disable

    Disable pulling FortiClient malware hash from EMS.

    cloud-server-type

    Cloud server type.

    option

    -

    production

    Option

    Description

    production

    Production FortiClient EMS Cloud Controller.

    alpha

    Alpha FortiClient EMS Cloud Controller. For testing only.

    beta

    Beta FortiClient EMS Cloud Controller. For testing only.

    capabilities

    List of EMS capabilities.

    option

    -

    Option

    Description

    fabric-auth

    Allow this FortiGate unit to load the authentication page provided by EMS to authenticate itself with EMS.

    silent-approval

    Allow silent approval of non-root or FortiGate HA clusters on EMS in the Security Fabric.

    websocket

    Enable/disable websockets for this FortiGate unit. Override behavior using websocket-override.

    websocket-malware

    Allow this FortiGate unit to request malware hash notifications over websocket.

    push-ca-certs

    Enable/disable syncing deep inspection certificates with EMS.

    common-tags-api

    Can recieve tag information from New Common Tags API from EMS.

    tenant-id

    Allow this FortiGate to retrieve Tenant-ID from EMS.

    call-timeout

    FortiClient EMS call timeout in seconds .

    integer

    Minimum value: 1 Maximum value: 180

    30

    out-of-sync-threshold

    Outdated resource threshold in seconds .

    integer

    Minimum value: 10 Maximum value: 3600

    180

    websocket-override

    Enable/disable override behavior for how this FortiGate unit connects to EMS using a WebSocket connection.

    option

    -

    disable

    Option

    Description

    disable

    Do not override the WebSocket connection. Connect to WebSocket of this EMS server if it is capable (default).

    enable

    Override the WebSocket connection. Do not connect to WebSocket even if EMS is capable of a WebSocket connection.

    preserve-ssl-session

    Enable/disable preservation of EMS SSL session connection. Warning, most users should not touch this setting.

    option

    -

    disable

    Option

    Description

    enable

    Allow preservation of EMS SSL session connection.

    disable

    Don't allow preservation of EMS SSL session connection.

    interface-select-method

    Specify how to select outgoing interface to reach server.

    option

    -

    auto

    Option

    Description

    auto

    Set outgoing interface automatically.

    sdwan

    Set outgoing interface by SD-WAN or policy routing rules.

    specify

    Set outgoing interface manually.

    interface

    Specify outgoing interface to reach server.

    string

    Not Specified

    Previous
    Next

    config endpoint-control fctems

    config endpoint-control fctems

    Configure FortiClient Enterprise Management Server (EMS) entries.

    config endpoint-control fctems

    Description: Configure FortiClient Enterprise Management Server (EMS) entries.

    edit <ems-id>

    set status [enable|disable]

    set name {string}

    set dirty-reason [none|mismatched-ems-sn]

    set fortinetone-cloud-authentication [enable|disable]

    set server {string}

    set https-port {integer}

    set serial-number {string}

    set tenant-id {string}

    set source-ip {ipv4-address-any}

    set pull-sysinfo [enable|disable]

    set pull-vulnerabilities [enable|disable]

    set pull-avatars [enable|disable]

    set pull-tags [enable|disable]

    set pull-malware-hash [enable|disable]

    set cloud-server-type [production|alpha|...]

    set capabilities {option1}, {option2}, ...

    set call-timeout {integer}

    set out-of-sync-threshold {integer}

    set websocket-override [disable|enable]

    set preserve-ssl-session [enable|disable]

    set interface-select-method [auto|sdwan|...]

    set interface {string}

    next

    end

    config endpoint-control fctems

    Parameter

    Description

    Type

    Size

    Default

    status

    Enable or disable this EMS configuration.

    option

    -

    disable

    Option

    Description

    enable

    Enable EMS configuration and operation.

    disable

    Disable EMS configuration and operation.

    name

    FortiClient Enterprise Management Server (EMS) name.

    string

    Not Specified

    dirty-reason

    Dirty Reason for FortiClient EMS.

    option

    -

    none

    Option

    Description

    none

    FortiClient EMS entry not dirty.

    mismatched-ems-sn

    FortiClient EMS entry dirty because EMS SN is mismatched with configured SN.

    fortinetone-cloud-authentication

    Enable/disable authentication of FortiClient EMS Cloud through FortiCloud account.

    option

    -

    disable

    Option

    Description

    enable

    Enable authentication of FortiClient EMS Cloud through the use of FortiCloud account.

    disable

    Disable authentication of FortiClient EMS Cloud through the use of FortiCloud account.

    server

    FortiClient EMS FQDN or IPv4 address.

    string

    Not Specified

    https-port

    FortiClient EMS HTTPS access port number. .

    integer

    Minimum value: 1 Maximum value: 65535

    443

    serial-number

    EMS Serial Number.

    string

    Not Specified

    tenant-id

    EMS Tenant ID.

    string

    Not Specified

    source-ip

    REST API call source IP.

    ipv4-address-any

    Not Specified

    0.0.0.0

    pull-sysinfo

    Enable/disable pulling SysInfo from EMS.

    option

    -

    enable

    Option

    Description

    enable

    Enable pulling FortiClient user SysInfo from EMS.

    disable

    Disable pulling FortiClient user SysInfo from EMS.

    pull-vulnerabilities

    Enable/disable pulling vulnerabilities from EMS.

    option

    -

    enable

    Option

    Description

    enable

    Enable pulling client vulnerabilities from EMS.

    disable

    Disable pulling client vulnerabilities from EMS.

    pull-avatars

    Enable/disable pulling avatars from EMS.

    option

    -

    enable

    Option

    Description

    enable

    Enable pulling FortiClient user avatars from EMS.

    disable

    Disable pulling FortiClient user avatars from EMS.

    pull-tags

    Enable/disable pulling FortiClient user tags from EMS.

    option

    -

    enable

    Option

    Description

    enable

    Enable pulling FortiClient user tags from EMS.

    disable

    Disable pulling FortiClient user tags from EMS.

    pull-malware-hash

    Enable/disable pulling FortiClient malware hash from EMS.

    option

    -

    enable

    Option

    Description

    enable

    Enable pulling FortiClient malware hash from EMS.

    disable

    Disable pulling FortiClient malware hash from EMS.

    cloud-server-type

    Cloud server type.

    option

    -

    production

    Option

    Description

    production

    Production FortiClient EMS Cloud Controller.

    alpha

    Alpha FortiClient EMS Cloud Controller. For testing only.

    beta

    Beta FortiClient EMS Cloud Controller. For testing only.

    capabilities

    List of EMS capabilities.

    option

    -

    Option

    Description

    fabric-auth

    Allow this FortiGate unit to load the authentication page provided by EMS to authenticate itself with EMS.

    silent-approval

    Allow silent approval of non-root or FortiGate HA clusters on EMS in the Security Fabric.

    websocket

    Enable/disable websockets for this FortiGate unit. Override behavior using websocket-override.

    websocket-malware

    Allow this FortiGate unit to request malware hash notifications over websocket.

    push-ca-certs

    Enable/disable syncing deep inspection certificates with EMS.

    common-tags-api

    Can recieve tag information from New Common Tags API from EMS.

    tenant-id

    Allow this FortiGate to retrieve Tenant-ID from EMS.

    call-timeout

    FortiClient EMS call timeout in seconds .

    integer

    Minimum value: 1 Maximum value: 180

    30

    out-of-sync-threshold

    Outdated resource threshold in seconds .

    integer

    Minimum value: 10 Maximum value: 3600

    180

    websocket-override

    Enable/disable override behavior for how this FortiGate unit connects to EMS using a WebSocket connection.

    option

    -

    disable

    Option

    Description

    disable

    Do not override the WebSocket connection. Connect to WebSocket of this EMS server if it is capable (default).

    enable

    Override the WebSocket connection. Do not connect to WebSocket even if EMS is capable of a WebSocket connection.

    preserve-ssl-session

    Enable/disable preservation of EMS SSL session connection. Warning, most users should not touch this setting.

    option

    -

    disable

    Option

    Description

    enable

    Allow preservation of EMS SSL session connection.

    disable

    Don't allow preservation of EMS SSL session connection.

    interface-select-method

    Specify how to select outgoing interface to reach server.

    option

    -

    auto

    Option

    Description

    auto

    Set outgoing interface automatically.

    sdwan

    Set outgoing interface by SD-WAN or policy routing rules.

    specify

    Set outgoing interface manually.

    interface

    Specify outgoing interface to reach server.

    string

    Not Specified

    Previous
    Next