Telemetry Gateway IP Lists

Telemetry Gateway IP Lists

In managed mode, FortiClient can use a Telemetry Gateway IP List to automatically locate FortiGate/EMS for FortiClient Telemetry connection.

The Telemetry Gateway IP List is a list of gateway IP addresses that FortiClient can use to connect FortiClient Telemetry to FortiGate/EMS. After FortiClient installation completes on the endpoint device, FortiClient automatically launches and uses the Telemetry Gateway IP List to locate FortiGate/EMS for FortiClient Telemetry connection.

After FortiClient is installed on the endpoint and FortiClient Telemetry is connected to FortiGate/EMS, you can view the Telemetry Gateway IP List in the FortiClient console. See View gateway IP lists on page 59.

Configure Telemetry Gateway IP Lists (EMS)

FortiClient EMS includes the option to create one or more Telemetry Gateway IP Lists. The list can include IP addresses for EMS and for FortiGate. You can assign Telemetry Gateway IP Lists to domains and workgroups in EMS. You can also update the assigned Telemetry Gateway IP Lists after FortiClient is installed, and the updated lists are pushed to FortiClient endpoints. See the FortiClient EMS Administration Guide.

Configure Telemetry Gateway IP Lists (FortiGate)

If you are using FortiGate without EMS, you can add Telemetry Gateway IP addresses to the FortiClient installer by using the Configurator Tool. See Custom FortiClient Installations on page 110.

Get started

This section provides an overview of how to configure, provision, and use FortiClient in managed mode.

 

Get started

Configure endpoint management

Before you provision FortiClient in managed mode, you must configure FortiGate or EMS to manage FortiClient endpoints. You can use FortiGate, EMS, or both FortiGate/EMS to manage FortiClient endpoints. The configuration process depends on what product you will use to manage FortiClient endpoints.

When FortiGate is integrated with EMS, you can sometimes assign two profiles to FortiClient endpoints. Each profile has a different purpose. The purpose of the profile from FortiGate is to communicate the compliance rules to FortiClient endpoints. If the profile created by using FortiGate has non-compliance set to block or warn, you can optionally create a profile by using EMS to communicate configuration settings for FortiClient software on endpoints. For more information, see the FortiClient EMS Administration Guide.

If the compliance action is set to block or warn in the FortiClient profile created by using FortiGate, FortiGate does not provision the FortiClient endpoint, and you must manually configure FortiClient or configure FortiClient by using EMS. If the compliance action is set to auto-update, FortiGate makes a best effort to provision FortiClient endpoints to be compliant with the compliance rules.

To configure endpoint management:

  1. Configure the product or products that you will use to manage FortiClient endpoints. The following table identifies where to find instructions:
FortiGate Configure FortiGate endpoint control. See Configure FortiGate on page 33. For more information, see the FortiOS Handbook.
EMS See the FortiClient EMS Administration Guide.
FortiGate integrated with

EMS

For FortiGate, configure endpoint control. See Configure FortiGate on page 33. For more information, see the FortiOS Handbook.

For EMS, see the FortiClient EMS Administration Guide.

After you configure EMS, FortiGate, or both FortiGate/EMS to manage FortiClient endpoints, you are ready to provision FortiClient.

Provision FortiClient

This section provides an overview of how to provision FortiClient in managed mode.

To provision FortiClient:

  1. Ensure that you have configured EMS, FortiGate, or both FortiGate/EMS to manage FortiClient endpoints.
  2. Provision FortiClient on endpoint computers with Internet access. See FortiClient Provisioning on page 44. You can use one of the following methods:

l FortiClient EMS with a Microsoft Active Directory server l Microsoft Active Directory server

After FortiClient installs, FortiClient Telemetry attempts connection to FortiGate/EMS. For more information, see FortiClient Telemetry Connection on page 51.

After FortiClient Telemetry is connected to FortiGate/EMS, FortiClient downloads a profile from FortiGate/EMS. The computer with FortiClient installed and FortiClient Telemetry connected is now a managed endpoint.

  1. Use one or more of the following methods to monitor managed endpoints: l FortiGate l FortiClient EMS
This entry was posted in FortiClient and tagged , on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.