FortiClient EMS – Centralized Endpoint and VPN Management (FORTI3)

Networking, Fortinet

FortiClient EMS provides a single console to manage and deploy endpoints, configure remote access at scale and enforce access policies, covering VPN and ZTNA. The course explains EMS architecture, integration with FortiGate and FortiAnalyzer and core security posture controls and telemetry.

In hands-on labs you'll practice endpoint provisioning, client rollout and policy creation, including SAML via Microsoft Entra ID and AD Connector. Learn deployment packages, invitation-based installs and how to configure SSL VPN, IPSec over TCP and ZTNA with ZTNA tags for access control.

Location, current course term

Contact us

Custom Customized Training (date, location, content, duration)

The course:

Hide detail
  • Comparison: FortiGate vs FortiOS vs Remote Access
    1. Sunsetting of SSL VPN
    2. IPSec over TCP
    3. Agentless VPN
    4. ZTNA
  • Introduction to FortiClient Editions and FortiClient EMS
    1. FortiClient VPN only, FortiClient VPN/ZTNA, FortiClient EPP/ATP
    2. FortiClient EMS — HA and Failover
  • Basic administration
    1. Use of SAML via Microsoft Entra ID
    2. Multi-tenancy options and MDM support
  • Authentication options
    1. Microsoft Entra ID and Active Directory
    2. AD Connector (FortiClient EMS Cloud)
  • LAB1: FortiGate + FortiClient EMS
    1. Basic FortiClient EMS setup
    2. Connecting FortiClient EMS with FortiGate
    3. SAML configuration for Entra ID; use in EMS and FortiGate admin access
  • FortiClient Deployment
    1. Deployment Packages and Zero Trust Telemetry
    2. Secure Access, Vulnerability Scan, APT protection
    3. Security features: Web Filtering, Application Firewall, ZTNA, etc.
  • FortiClient Deployment Package
    1. Invitation code and user verification
    2. FortiClient installation workflow
  • Provisioning
    1. Endpoint Policy
    2. On-Fabric detection
    3. Endpoint Management
    4. Endpoint Profiles
  • LAB2: FortiClient EMS
    1. Deploy FortiClient to a workstation; connect to EMS and verify via Entra ID
    2. Create On-Fabric detection rules, Endpoint Policies and Endpoint Profiles (Web Filter, Vulnerability Scan, Application Firewall, Removable Media Access)
  • Remote Access options
    1. Security Posture Tags
    2. SSL VPN and IPSec over TCP
    3. ZTNA
  • LAB3: FortiGate + FortiClient EMS
    1. Using ZTNA Tags within the LAN
    2. Configure SSL VPN with SAML auth and ZTNA Tags
    3. Configure IPSec over TCP with SAML auth and ZTNA Tags
    4. Configure ZTNA with SAML authentication
  • LAB4: Integration of FortiGate and FortiClient EMS with FortiAnalyzer
Assumed knowledge:
Basic understanding of networking and endpoint administration.
Recommended previous course:
FortiGate – Firewall Configuration and Management (FORTI1)
Schedule:
2 days (9:00 AM - 5:00 PM )
Course price:
792.00 € ( 958.32 € incl. 21% VAT)
Language: