Zero Trust tagging rules enhancement 7.0.1
FortiClient EMS adds the following enhancements to Zero Trust tagging rules:
Logical OR operation support
To configure a rule using OR:
- Go to Zero Trust Tags > Zero Trust Tagging Rules.
- Click Add.
- Click Add Rule.
- Configure a rule as desired. This example configures a Windows running process rule that checks that Notepad and riskyprocess.exe are running on the endpoint.
- Click Save. By default, the rule is configured with the logical AND operation. Therefore, in this example, the rule checks that both Notepad and riskyprocess.exe are running on the endpoint.
- Click Edit Logic. Change the logic to OR, then click Save.
- To verify the rule, run Notepad on an endpoint that is connected to EMS. Verify that no process named riskyprocess.exe is running on the endpoint.
- In EMS, go to Zero Trust Tags > Zero Trust Tag Monitor. Confirm that the endpoint appears under the vulnerable_PC rule.
Importing and exporting Zero Trust tagging rules
To import and export Zero Trust tagging rules:
- Go to Zero Trust Tags > Zero Trust Tagging Rules.
- Click Export to export the currently defined rules.
- Ensure that a JSON file of the rules is downloaded.
- You can import the same rules into another EMS using the JSON file. On the other EMS, go to Zero Trust Tags > Zero Trust Tagging Rules and click Import. Browse to and select the desired JSON file, then click Import.
On-Fabric rules
EMS supports on-Fabric Zero Trust tagging rules. EMS currently does not support the NOT option for this rule type.
To create an on-Fabric/off-Fabric rule:
- Go to Zero Trust Tags > Zero Trust Tagging Rules.
- Click Add.
- Click Add Rule.
- From the Rule Type dropdown list, select On-Fabric Status.
- Click Save.
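The following is an added illustration (not Fortinet's code or the real EMS rule format) of how the AND/OR logic, the JSON round-trip, and the "no NOT for On-Fabric rules" restriction described above interact. The rule and endpoint dictionaries, field names and the process name notepad.exe are constructed assumptions for this example.

```python
"""Illustrative model of Zero Trust tagging-rule evaluation (not Fortinet's implementation)."""
import json
from typing import Any

def validate_rule(rule: dict[str, Any]) -> None:
    """Reject combinations the documentation says EMS does not support."""
    if rule["logic"] not in ("AND", "OR"):
        raise ValueError(f"unsupported logic {rule['logic']!r}")
    for cond in rule["conditions"]:
        if cond["type"] == "on_fabric_status" and cond.get("negate"):
            raise ValueError("NOT is not supported for On-Fabric Status rules")

def condition_matches(cond: dict[str, Any], endpoint: dict[str, Any]) -> bool:
    """Evaluate one condition against constructed endpoint telemetry."""
    if cond["type"] == "running_process":
        hit = cond["value"].lower() in {p.lower() for p in endpoint["processes"]}
    elif cond["type"] == "on_fabric_status":
        hit = endpoint["on_fabric"] == cond["value"]
    else:
        raise ValueError(f"unknown rule type {cond['type']!r}")
    return not hit if cond.get("negate") else hit

def rule_matches(rule: dict[str, Any], endpoint: dict[str, Any]) -> bool:
    """AND requires every condition; OR requires at least one."""
    validate_rule(rule)
    results = [condition_matches(c, endpoint) for c in rule["conditions"]]
    return all(results) if rule["logic"] == "AND" else any(results)

def tags_for(rules: list[dict[str, Any]], endpoint: dict[str, Any]) -> set[str]:
    """Tags the endpoint would receive, as shown in the Zero Trust Tag Monitor."""
    return {r["tag"] for r in rules if rule_matches(r, endpoint)}

def export_rules(rules: list[dict[str, Any]]) -> str:
    return json.dumps(rules, indent=2)  # constructed format, not the EMS export schema

def import_rules(text: str) -> list[dict[str, Any]]:
    rules = json.loads(text)
    for r in rules:
        validate_rule(r)  # refuse unsupported rules at import time
    return rules

# Rule from the walkthrough: Notepad and riskyprocess.exe, default logic AND.
VULNERABLE_PC = {"tag": "vulnerable_PC", "logic": "AND", "conditions": [
    {"type": "running_process", "value": "notepad.exe"},
    {"type": "running_process", "value": "riskyprocess.exe"}]}
# Constructed endpoint from the verification step: Notepad running, riskyprocess.exe absent.
ENDPOINT = {"processes": ["explorer.exe", "notepad.exe"], "on_fabric": True}

if __name__ == "__main__":
    print(rule_matches(VULNERABLE_PC, ENDPOINT))                   # False: AND needs both
    print(rule_matches({**VULNERABLE_PC, "logic": "OR"}, ENDPOINT))  # True: OR needs one
```

With AND the endpoint is not tagged even though Notepad is running; switching the same rule to OR tags it, which is the behaviour the Tag Monitor check in the walkthrough confirms.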