Re: Forti EMS on non-domain server
I tried to leverage between the practically (domain joined) and theoretically (isolated standalone box in DMZ...) best options.
We will start with AD joined and when we have the whole system well established, we will migrate to standalone, that's the plan at least.
I think that punching a hole with 8013 is not that big of a deal.
Will also apply geo-block with security profiles and "heavier" monitoring and we're good to go (I think).
I also noticed that there is no FortiClient application signature in Application Control, it would be nice if filtration could be done that way also.
I wanted split DNS, but decided that even local users pull telemetry from the public side.
If we would do split DNS, all of our branches would have to access the DMZ from inside and that's a hassle to configure.
It is working fine like this, but I have a feeling that I am missing something :-)