Adding FortiClient EMS to the Security Fabric

You can configure endpoint control for your Security Fabric using FortiClient Endpoint Management System (EMS).

Note: If you disable the FortiClient Endpoint Management System (EMS) option found on the Security Fabric > Settings page, it deletes all previously configured EMS server entries.

To configure an EMS Server - GUI:
  1. To enable endpoint control, go to System > Feature Visibility and under Security Features, enable Endpoint Control. The FortiClient Endpoint Management System (EMS) section appears in the Security Fabric > Settings page.
  2. Go to Security Fabric > Settings and enable FortiClient Endpoint Management System (EMS).
  3. Select the + to add it and enter the following:
     Name             Enter the name of the EMS server.
     Address          Select the FortiClient EMS address from the drop-down menu or select the + to create a new IP address or hostname.
     Serial Number
     REST API Calls

You can add a maximum of 16 EMS Servers.

  4. Apply your changes.

To configure endpoint control settings - CLI:

    config endpoint-control settings
        set forticlient-ems-rest-api-call-timeout <value>
    end

where <value> is between 500 and 30000 milliseconds (the default is 5000).

To configure a FortiClient Enterprise Management server - CLI:

    config endpoint-control forticlient-ems
        edit 1
            set address <firewall-address-name>
            set serial-number <FortiClient-EMS-serial-number>
            set listen-port <listen-port-number>
            set upload-port <upload-port-number>
            set rest-api-auth <FortiClient-EMS-REST-API-authentication>
        next
    end

where the variables are as follows:

    Variable              Description
    listen-port-number    Set the listening port between 1 and 65535. The default port is 8013.
    upload-port-number    Set the uploading port between 1 and 65535. The default port is 8014.

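The following Python example is added here and is not part of the Fortinet documentation or FortiOS: it renders the two CLI blocks above from a list of EMS servers and rejects values outside the limits this page states (timeout 500 to 30000 ms, ports 1 to 65535, at most 16 servers). The names EmsServer and render_ems_config, the sequential edit IDs, and the sample address and serial number are assumptions; rest-api-auth is left out because this page does not list its accepted values.

```python
# Added example, not Fortinet code. EmsServer and render_ems_config are
# hypothetical names; edit IDs are assumed sequential, as in the page's "edit 1".
from dataclasses import dataclass

MAX_EMS_SERVERS = 16             # "You can add a maximum of 16 EMS Servers."
TIMEOUT_RANGE_MS = (500, 30000)  # forticlient-ems-rest-api-call-timeout
PORT_RANGE = (1, 65535)          # listen-port / upload-port

@dataclass
class EmsServer:
    address: str             # name of an existing firewall address object
    serial_number: str
    listen_port: int = 8013  # page default
    upload_port: int = 8014  # page default

def _in_range(label, value, bounds):
    low, high = bounds
    if isinstance(value, bool) or not isinstance(value, int) or not low <= value <= high:
        raise ValueError(f"{label} must be an integer from {low} to {high}, got {value!r}")
    return value

def _token(label, value):
    # Reject empty values and whitespace so one field cannot become a second CLI line.
    if not value or any(ch.isspace() for ch in value):
        raise ValueError(f"{label} must be a non-empty token without whitespace: {value!r}")
    return value

def render_ems_config(servers, timeout_ms=5000):
    if not 1 <= len(servers) <= MAX_EMS_SERVERS:
        raise ValueError(f"expected 1 to {MAX_EMS_SERVERS} EMS servers, got {len(servers)}")
    _in_range("timeout", timeout_ms, TIMEOUT_RANGE_MS)
    lines = ["config endpoint-control settings",
             f"    set forticlient-ems-rest-api-call-timeout {timeout_ms}",
             "end",
             "config endpoint-control forticlient-ems"]
    for index, server in enumerate(servers, start=1):
        lines += [f"    edit {index}",
                  f"        set address {_token('address', server.address)}",
                  f"        set serial-number {_token('serial-number', server.serial_number)}",
                  f"        set listen-port {_in_range('listen-port', server.listen_port, PORT_RANGE)}",
                  f"        set upload-port {_in_range('upload-port', server.upload_port, PORT_RANGE)}",
                  "    next"]
    lines.append("end")
    return "\n".join(lines)

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    print(render_ems_config([EmsServer("ems-primary", "FCTEMS0000000001")]))
```
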
To configure FortiClient registration synchronization settings - CLI:

    config endpoint-control forticlient-registration-synch
        edit <default-name>
            config {forticlient-winmac-setting | forticlient-android-settings | forticlient-ios-settings}
        next
    end

To configure FortiClient endpoint control profiles - CLI:

    config endpoint-control profile
        edit <profile-name>
            config {forticlient-winmac-setting | forticlient-android-settings | forticlient-ios-settings}
            set forticlient-ems-entries <FortiClient-EMS-entry-name>
        next
    end

For information about FortiClient EMS, see FortiClient documentation.

Troubleshooting

The following commands can be useful for testing FortiClient EMS settings, including signing in to or out of FortiClient EMS, quarantining clients using the EMS REST API, and adding quarantine calls to the queue. For additional troubleshooting commands, see the FortiOS CLI Reference.

  • diagnose endpoint forticlient-ems-rest-api signin <FortiClient-EMS-entry-name>
  • diagnose endpoint forticlient-ems-rest-api signout <FortiClient-EMS-entry-name>
  • diagnose endpoint forticlient-ems-rest-api quarantine-by-ipv4 <ipv4> <FortiClient-EMS-entry-name>
  • diagnose endpoint forticlient-ems-rest-api unquarantine-by-ipv4 <ipv4> <FortiClient-EMS-entry-name>
  • diagnose endpoint forticlient-ems-rest-api queue-quarantine-ipv4 <ipv4-address>[,<ipv4-address>...]
    To add multiple entries, separate the entries by a comma (no spaces).
  • diagnose endpoint forticlient-ems-rest-api queue-unquarantine-ipv4 <ipv4>[,<ipv4-address>...]
    To add multiple entries, separate the entries by a comma (no spaces).
  • diagnose debug application fcnacd_ems <integer>