Zero Trust tagging rules enhancement 7.0.1

FortiClient EMS adds the following enhancements to Zero Trust tagging rules:

Logical OR operation support

To configure a rule using OR:
  1. Go to Zero Trust Tags > Zero Trust Tagging Rules.
  2. Click Add.
  3. Click Add Rule.
  4. Configure a rule as desired. This example configures a Windows running process rule that checks that Notepad and riskyprocess.exe are running on the endpoint.

  5. Click Save. By default, the rule is configured with the logical AND operation. Therefore, in this example, the rule checks that both Notepad and riskyprocess.exe are running on the endpoint.

  6. Click Edit Logic. Change the logic to OR, then click Save.

  7. To verify the rule, run Notepad on an endpoint that is connected to EMS. Verify that no process named riskyprocess.exe is running on the endpoint.

  8. In EMS, go to Zero Trust Tags > Zero Trust Tag Monitor. Confirm that the endpoint appears under the vulnerable_PC rule.
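The following is an added example, not code from the Fortinet documentation or from EMS itself: a small evaluator that applies the running-process rule above to a constructed endpoint snapshot, so the difference between the default AND logic and the OR logic from step 6 can be checked offline. The JSON rule layout, the endpoint snapshot and the process name notepad.exe are assumptions for this example only and do not reflect the EMS export schema.

```python
import json

# Constructed rule in a layout assumed for this example (NOT the EMS export schema).
# It mirrors the page's example: tag vulnerable_PC when Notepad and riskyprocess.exe run.
RULE_JSON = """
{
  "tag": "vulnerable_PC",
  "logic": "AND",
  "conditions": [
    {"type": "running_process", "os": "windows", "value": "notepad.exe"},
    {"type": "running_process", "os": "windows", "value": "riskyprocess.exe"}
  ]
}
"""

def condition_matches(cond, endpoint):
    """Return True when a single condition holds for the endpoint snapshot."""
    if cond["type"] != "running_process":
        raise ValueError(f"unsupported condition type: {cond['type']}")
    # Process names are compared case-insensitively, as Windows does.
    running = {p.lower() for p in endpoint["processes"]}
    return cond["value"].lower() in running

def evaluate_rule(rule, endpoint):
    """Combine the condition results with the rule's logic (AND by default, or OR)."""
    results = [condition_matches(c, endpoint) for c in rule["conditions"]]
    logic = rule.get("logic", "AND").upper()
    if logic == "AND":
        return all(results)
    if logic == "OR":
        return any(results)
    raise ValueError(f"unknown logic: {logic}")

def tags_for(rule, endpoint):
    """Tags the endpoint would receive from this rule (what the Tag Monitor would show)."""
    return [rule["tag"]] if evaluate_rule(rule, endpoint) else []

def with_logic(rule, logic):
    """Copy of the rule with its logic switched, as Edit Logic does in the EMS GUI."""
    return {**rule, "logic": logic}

RULE = json.loads(RULE_JSON)
# Constructed snapshot matching step 7: Notepad is running, riskyprocess.exe is not.
ENDPOINT = {"name": "WIN10-LAB", "processes": ["explorer.exe", "notepad.exe"]}

if __name__ == "__main__":
    for logic in ("AND", "OR"):
        print(logic, tags_for(with_logic(RULE, logic), ENDPOINT))
```

With AND the endpoint receives no tag; with OR it is tagged vulnerable_PC even though only Notepad is running, which is the result step 8 asks you to confirm in the Zero Trust Tag Monitor.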

Importing and exporting Zero Trust tagging rules

To import and export Zero Trust tagging rules:
  1. Go to Zero Trust Tags > Zero Trust Tagging Rules.
  2. Click Export to export the currently defined rules.
  3. Ensure that a JSON file of the rules is downloaded.

  4. You can import the same rules into another EMS using the JSON file. On the other EMS, go to Zero Trust Tags > Zero Trust Tagging Rules and click Import. Browse to and select the desired JSON file, then click Import.

On-Fabric rules

EMS supports on-Fabric Zero Trust tagging rules. EMS currently does not support the NOT option for this rule type.

To create an on-Fabric/off-Fabric rule:
  1. Go to Zero Trust Tags > Zero Trust Tagging Rules.
  2. Click Add.
  3. Click Add Rule.
  4. From the Rule Type dropdown list, select On-Fabric Status.
  5. Click Save.