FortiClient EMS Platform for Endpoint Security Deployment & Management

Endpoints can also be moved into separate containers / groups allowing for customized profiles to be created and deployed. These profiles can range from custom AV and Vulnerability scanning options to web filtering and application firewall enforcement based on user type (ie. Staff, Student, Admin).

Leveraging profiles helps to not only organize the deployment and management of different device groups, but also assist in simple tasks such as disabling AV under special circumstances. The process to disable AV on some endpoint solutions can be pretty convoluted and can sometimes even require client uninstall to do so – in FortiClient EMS, it’s as simple as moving the device(s) into a container with a profile that has AV disabled. To re-enable, just move it back to the original container.

Web and Application Firewall

The web filtering and application firewall modules can be implemented to add an additional layer of security and compliance to endpoints. The enforcement of content as well as management of profiles and settings can persist even while the device is off-net. Off-net management is achieved by making the FortiClient EMS server accessible from the outside - endpoints can be configured to send its telemetry data to an outside gateway which then also allows profile changes to be synced.

Choose from block, allow or monitor for each web and application category.

Get more granular by selecting application signatures and applying block, allow or monitor status as needed.

Logging and Reporting



FortiClient EMS can also send traffic and event logs to a FortiAnalyzer, allowing for additional visibility into endpoint security events. Reporting options are also available from the FortiAnalyzer.