
How to Configure/Integrate FortiClient EMS with FortiAnalyzer

July 11, 2021 By Damitha Anuradha

Follow the steps below to configure FortiClient EMS and FortiAnalyzer so that FortiClient logs arrive in FortiAnalyzer. Before you start, check the Release Notes of EMS and FortiAnalyzer to confirm that your firmware versions support the integration.

First, enable the Administrative Domain (ADOM) option in FortiAnalyzer. Log on to FortiAnalyzer and go to “System Settings”.

Now, in the Dashboard, turn on the “Administrative Domain” feature.

Now go to the “All ADOMs” section and select FortiClient. Then click on “Enter ADOM”.

Click on “Device Manager”

Now click on “+ Add Device” to add a device.

Type the IP Address and Serial Number of the EMS Server, and a Device Name. When you enter the S/N, the device model automatically changes to FortiClient-EMS. Once done, click on “Next” to continue and the device will be added to the FortiAnalyzer.

The EMS status in FortiAnalyzer will show as “Log Status Down” and the Logs status will be a red circle. The reason for this is that the FortiAnalyzer is not receiving any FortiClient logs.

Once the device receives logs from FortiClient, the Log Status will change to “Real Time”.

Configure FortiAnalyzer Settings on FortiClient Endpoint Management Server

Log in to EMS, go to Manage Profiles, and set the FortiAnalyzer settings as below. Make sure to select the “SSL Enabled” option, as FortiOS 6.4.X versions will not accept traffic if this option is disabled. You need to enable this setting in every profile under Manage Profiles.

Once the profile is synced to the client, the logs will be forwarded to FortiAnalyzer according to your “Upload Schedule”, and FortiAnalyzer will start to receive them. Also note that FortiClient devices need direct access to FortiAnalyzer on port 514 to forward the logs.

To verify that FortiAnalyzer is receiving the FortiClient logs, you can use the diagnose command below.

diagnose sniffer packet any 'host <FortiClient IP Address> and tcp and port 514'
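The sniffer shows what arrives at FortiAnalyzer; the script below checks the same path from the other end, run on a FortiClient endpoint, and tells a silent firewall drop apart from a host that answers but is not listening on port 514. It is an added example, not part of the original post; the file name `check_faz_port.py` and the function names are assumptions made for illustration.

```python
import errno
import socket
import sys

FAZ_LOG_PORT = 514  # port the post says FortiClient needs to reach on FortiAnalyzer


def probe(host, port=FAZ_LOG_PORT, timeout=3.0):
    """Classify a TCP connection attempt to host:port.

    Returns one of:
      "open"        - handshake completed, something is listening
      "refused"     - host answered with a reset: reachable, nothing listening
      "filtered"    - no answer before the timeout (typically a firewall drop)
      "unreachable" - no route to the host, or the name did not resolve
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except socket.gaierror:
        return "unreachable"
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        raise  # anything else is unexpected; surface it unchanged


def report(hosts, port=FAZ_LOG_PORT, timeout=3.0):
    """Probe each host and return {host: status}."""
    return {host: probe(host, port, timeout) for host in hosts}


if __name__ == "__main__":
    # Usage: python check_faz_port.py <FortiAnalyzer IP Address> [more addresses...]
    results = report(sys.argv[1:])
    for host, status in results.items():
        print(f"{host}:{FAZ_LOG_PORT} {status}")
    # Exit 0 only if at least one host was given and every host is "open"
    sys.exit(0 if results and all(s == "open" for s in results.values()) else 1)
```

A result of "open" only proves that the TCP path to port 514 works; whether logs are accepted still depends on the “SSL Enabled” profile setting and the “Upload Schedule” described above.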
