Telemetry Gateway IP Lists
In managed mode, FortiClient can use a Telemetry Gateway IP List to automatically locate FortiGate/EMS for FortiClient Telemetry connection.
The Telemetry Gateway IP List is a list of gateway IP addresses that FortiClient can use to connect FortiClient Telemetry to FortiGate/EMS. After FortiClient installation completes on the endpoint device, FortiClient automatically launches and uses the Telemetry Gateway IP List to locate FortiGate/EMS for FortiClient Telemetry connection.
After FortiClient is installed on the endpoint and FortiClient Telemetry is connected to FortiGate/EMS, you can view the Telemetry Gateway IP List in the FortiClient console. See View gateway IP lists on page 59.
Configure Telemetry Gateway IP Lists (EMS)
FortiClient EMS includes the option to create one or more Telemetry Gateway IP Lists. The list can include IP addresses for EMS and for FortiGate. You can assign Telemetry Gateway IP Lists to domains and workgroups in EMS. You can also update the assigned Telemetry Gateway IP Lists after FortiClient is installed, and the updated lists are pushed to FortiClient endpoints. See the FortiClient EMS Administration Guide.
Configure Telemetry Gateway IP Lists (FortiGate)
If you are using FortiGate without EMS, you can add Telemetry Gateway IP addresses to the FortiClient installer by using the Configurator Tool. See Custom FortiClient Installations on page 110.
This section provides an overview of how to configure, provision, and use FortiClient in managed mode.
Configure endpoint management
Before you provision FortiClient in managed mode, you must configure FortiGate or EMS to manage FortiClient endpoints. You can use FortiGate, EMS, or both FortiGate/EMS to manage FortiClient endpoints. The configuration process depends on what product you will use to manage FortiClient endpoints.
When FortiGate is integrated with EMS, you can sometimes assign two profiles to FortiClient endpoints. Each profile has a different purpose. The purpose of the profile from FortiGate is to communicate the compliance rules to FortiClient endpoints. If the profile created by using FortiGate has non-compliance set to block or warn, you can optionally create a profile by using EMS to communicate configuration settings for FortiClient software on endpoints. For more information, see the FortiClient EMS Administration Guide.
If the compliance action is set to block or warn in the FortiClient profile created by using FortiGate, FortiGate does not provision the FortiClient endpoint, and you must manually configure FortiClient or configure FortiClient by using EMS. If the compliance action is set to auto-update, FortiGate makes a best effort to provision FortiClient endpoints to be compliant with the compliance rules.
To configure endpoint management:
- Configure the product or products that you will use to manage FortiClient endpoints. The following table identifies where to find instructions:
|FortiGate||Configure FortiGate endpoint control. See Configure FortiGate on page 33. For more information, see the FortiOS Handbook.|
|EMS||See the FortiClient EMS Administration Guide.|
|FortiGate integrated with
|For FortiGate, configure endpoint control. See Configure FortiGate on page 33. For more information, see the FortiOS Handbook.
For EMS, see the FortiClient EMS Administration Guide.
After you configure EMS, FortiGate, or both FortiGate/EMS to manage FortiClient endpoints, you are ready to provision FortiClient.
This section provides an overview of how to provision FortiClient in managed mode.
To provision FortiClient:
- Ensure that you have configured EMS, FortiGate, or both FortiGate/EMS to manage FortiClient endpoints.
- Provision FortiClient on endpoint computers with Internet access. See FortiClient Provisioning on page 44. You can use one of the following methods:
l FortiClient EMS with a Microsoft Active Directory server l Microsoft Active Directory server
After FortiClient installs, FortiClient Telemetry attempts connection to FortiGate/EMS. For more information, see FortiClient Telemetry Connection on page 51.
After FortiClient Telemetry is connected to FortiGate/EMS, FortiClient downloads a profile from FortiGate/EMS. The computer with FortiClient installed and FortiClient Telemetry connected is now a managed endpoint.
- Use one or more of the following methods to monitor managed endpoints: l FortiGate l FortiClient EMS
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU