Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

EMS Administration Guide

Fabric Devices

You can view all FortiGates that the EMS has authorized in Administration > Fabric Devices. You can also deny or authorize a FortiGate. These FortiGates receive endpoint data from EMS. FortiClient does not directly connect to FortiGates listed on this page.

To edit the Fabric device tag sharing settings:
  1. Go to Administration > Fabric Devices.
  2. Select the desired device, then select Edit.
  3. From the FortiClient Endpoint Sharing dropdown list, select one of the following:

    Option

    Description

    Share all FortiClients

    The selected FortiGate receives all endpoints' resolved IP or MAC addresses (hereafter referred to as "host tag"), regardless of whether the gateways point to the selected FortiGate.

    Only share FortiClients connected to this fabric device (Recommended)

    This is the default setting. The selected FortiGate only receives the host tags for endpoints whose gateways point to the selected FortiGate.

    Share FortiClients connected to selected fabric devices

    The selected FortiGate receives host tags for the following:

    • Endpoints whose gateways point to the selected FortiGate
    • Endpoints whose gateways point to the configured additional FortiGates. You can configure up to four additional FortiGates.
  4. In Tag Types Being Shared, select at least one of the tag types to share. Zero Trust Tags is selected by default and cannot be deselected. EMS only shares the selected tag types with the configured Fabric devices.
  5. Click Save.
To change the FortiGate authorization status:
  1. Go to Administration > Fabric Devices.
  2. Select the desired FortiGate.
  3. Click Deny or Authorize. The FortiGate status in the Authorized column changes.

Fabric Devices

You can view all FortiGates that the EMS has authorized in Administration > Fabric Devices. You can also deny or authorize a FortiGate. These FortiGates receive endpoint data from EMS. FortiClient does not directly connect to FortiGates listed on this page.

To edit the Fabric device tag sharing settings:
  1. Go to Administration > Fabric Devices.
  2. Select the desired device, then select Edit.
  3. From the FortiClient Endpoint Sharing dropdown list, select one of the following:

    Option

    Description

    Share all FortiClients

    The selected FortiGate receives all endpoints' resolved IP or MAC addresses (hereafter referred to as "host tag"), regardless of whether the gateways point to the selected FortiGate.

    Only share FortiClients connected to this fabric device (Recommended)

    This is the default setting. The selected FortiGate only receives the host tags for endpoints whose gateways point to the selected FortiGate.

    Share FortiClients connected to selected fabric devices

    The selected FortiGate receives host tags for the following:

    • Endpoints whose gateways point to the selected FortiGate
    • Endpoints whose gateways point to the configured additional FortiGates. You can configure up to four additional FortiGates.
  4. In Tag Types Being Shared, select at least one of the tag types to share. Zero Trust Tags is selected by default and cannot be deselected. EMS only shares the selected tag types with the configured Fabric devices.
  5. Click Save.
To change the FortiGate authorization status:
  1. Go to Administration > Fabric Devices.
  2. Select the desired FortiGate.
  3. Click Deny or Authorize. The FortiGate status in the Authorized column changes.