Hi,
Again, I’m not a fortigate guy… What are the implications of not having EMS? I see verbiage about having to configure vpn clients manually?
What does that mean? With Cisco, I just configure the settings for anyconnect on my FMC console. We don’t have anything fancy, just split tunneling, some routes, dns, IP for clients to connect to etc… When someone downloads the client from the vpn ip, it basically auto configures itself.
Will forticlient do same without EMS? or is it that I’d have to configure each fortigate indenpendelty in my environment (we are getting fortimanager btw). Sorry I’m trying to get response out of sales too and I’m in a rush and they’re super slow to respond… thanks!
EMS is a management tool. Once the is deployed you can push configs, software updates to the client.
But more importantly, the client communicates with EMS. You can configure rules and tag the client (is the client on-network or does it use VPN? Is the client secure (if you have the anti-ransomware / antivirus license?
These tags get pushed to the fortigate and you can use these tags in firewall policies to allow (or deny) access to the network.
You are not required to use FortiClientEMS but it will make your life easier. If you don’t have it you will have to publish configs / import them manually.
Edit: more up to date link
EMS also gives you the ability to push UTM profiles to your endpoints. So when users have their managed devices at home, the same UTM profiles can be applied to their network traffic. This prevents them from accessing potentially malicious or risky content even when not directly behind your FortiGate.
You will also see logs on the EMS about users interacting with these ‘bad’ internet destinations and can even see things like vulnerable software their device has installed.
Because their client product is poor and causes your users issues if try via an Enterprise deplotment product like Intune, you need EMS to resolve.
I stopped annoying my users/ removed Swiss cheese security and got Entra private access
Make life easier is an understatement. Config changes and updates are super fast. Faster than any 3rd party RMM tool I’ve seen.
Ok Thanks. We’ve requested pricing. Sounds like as long as pricing is reasonable we’ll probably go with it.