Fortinet white logo
Fortinet white logo

EMS Administration Guide

Zero Trust Tagging Rules

Zero Trust Tagging Rules

You can create, edit, and delete Zero Trust tagging rules for endpoints. You can also view and manage the tags used to dynamically tag endpoints.

The following occurs when using Zero Trust tagging rules with EMS and FortiClient:

  1. EMS sends Zero Trust tagging rules to endpoints via Telemetry communication.
  2. FortiClient checks endpoints using the provided rules and sends the results to EMS. When endpoint network changes or user logon/logoff events occur, FortiClient triggers an X-FFCK-TAG message to EMS, even if there are no tag changes. Once EMS receives the tags, it processes them immediately, and FortiOS tags update within five seconds from the REST API response. For other tag changes, FortiClient sends the information to EMS regularly as per the configured keepalive intervals. See Configuring EMS settings.
  3. EMS receives the results from FortiClient.
  4. EMS dynamically groups endpoints together using the tag configured for each rule. You can view the dynamic endpoint groups in Zero Trust Tags > Zero Trust Tag Monitor. See Zero Trust Tag Monitor.

Zero Trust Tagging Rules

Zero Trust Tagging Rules

You can create, edit, and delete Zero Trust tagging rules for endpoints. You can also view and manage the tags used to dynamically tag endpoints.

The following occurs when using Zero Trust tagging rules with EMS and FortiClient:

  1. EMS sends Zero Trust tagging rules to endpoints via Telemetry communication.
  2. FortiClient checks endpoints using the provided rules and sends the results to EMS. When endpoint network changes or user logon/logoff events occur, FortiClient triggers an X-FFCK-TAG message to EMS, even if there are no tag changes. Once EMS receives the tags, it processes them immediately, and FortiOS tags update within five seconds from the REST API response. For other tag changes, FortiClient sends the information to EMS regularly as per the configured keepalive intervals. See Configuring EMS settings.
  3. EMS receives the results from FortiClient.
  4. EMS dynamically groups endpoints together using the tag configured for each rule. You can view the dynamic endpoint groups in Zero Trust Tags > Zero Trust Tag Monitor. See Zero Trust Tag Monitor.