EMS Administration Guide

FortiOS dynamic policies using EMS dynamic endpoint groups

After defining Zero Trust tagging rules in EMS, you can configure FortiOS to receive the dynamic endpoint groups from EMS using the FortiClient EMS Fabric connector, which supports SSL and imports trusted certificates. When a dynamic endpoint group changes, such as when an endpoint is added to or removed from a group, EMS sends the update to FortiOS, and FortiOS updates its dynamic policies accordingly, providing dynamic access control based on endpoint status.

EMS supports this feature with FortiOS 6.4 and 6.2. Configuration differs depending on the FortiOS version that you use:

Caution

FortiOS only receives endpoint information and enforces compliance for directly connected endpoints. Directly connected endpoints are the ones that have FortiGate as the default gateway.

Caution

This feature does not work for endpoints that are connected to a VPN tunnel.
