Fortinet white logo
Fortinet white logo

EMS Administration Guide

Adding a group assignment rule

Adding a group assignment rule

To add an installer ID group assignment rule:

An installer ID group assignment rule automatically places endpoints with the specified installer ID into the specified endpoint group.

  1. Go to Endpoints > Group Assignment Rules.
  2. Click Add.
  3. Under Type, select Installer ID.
  4. In the Installer ID field, enter the desired installer ID.
  5. In the Group field, do one of the following:
    • To place the endpoints into an existing group, select the desired group from the dropdown list.
    • To place the endpoints into a new group, click Create a new group and enter the desired group name. FortiClient EMS creates the new group. To create a new nested group, enter the desired group hierarchy. For example, to create a Seattle group nested under a West Coast group, enter West Coast/Seattle. FortiClient EMS then dynamically creates any group that does not exist. For example, if both the West Coast and Seattle groups do not exist, FortiClient EMS creates both groups with the desired hierarchy. If the West Coast group exists, FortiClient EMS creates a new Seattle group nested under it.
  6. Enable or disable the rule by toggling Enable Rule on or off.
  7. Click Save.
To add an IP address group assignment rule:

An IP address group assignment rule automatically places all endpoints with an IP address in the specified subnet or IP address range into the specified endpoint group.

  1. Go to Endpoints > Group Assignment Rules.
  2. Click Add.
  3. Under Type, select IP Address.
  4. In the Subnet/IP Range field, enter the desired subnet or IP address range. You must enter an IPv4 range, such as 192.168.1.1-192.168.1.5, or an IPv4 subnet with subnet mask, such as 192.168.0.0/28. You cannot enter an IPv6 range or subnet. EMS automatically places endpoints whose IP addresses belong to the specified subnet or IP address range into the specified group.
  5. In the Group field, do one of the following:
    • To place the endpoints into an existing group, select the desired group from the dropdown list.
    • To place the endpoints into a new group, click Create a new group and enter the desired group name. FortiClient EMS creates the new group. To create a new nested group, enter the desired group hierarchy. For example, to create a Seattle group nested under a West Coast group, enter West Coast/Seattle. FortiClient EMS then dynamically creates any group that does not exist. For example, if both the West Coast and Seattle groups do not exist, FortiClient EMS creates both groups with the desired hierarchy. If the West Coast group exists, FortiClient EMS creates a new Seattle group nested under it.
  6. Enable or disable the rule by toggling Enable Rule on or off.
  7. Click Save.
To add an OS group assignment rule:

An OS group assignment rule automatically places all endpoints with the specified OS installed into the specified endpoint group.

  1. Go to Endpoints > Group Assignment Rules.
  2. Click Add.
  3. Under Type, select OS.
  4. In the OS field, enter the OS. EMS automatically places endpoints that have the specified OS installed into the specified group. You can enter only the OS name or specify a version number. For example, you can enter "Windows" to place endpoints with any version of Windows installed into the specified endpoint group. You can also specify "Windows Server 2019" to only place endpoints that have Windows Server 2019 installed into the specified endpoint group.
  5. In the Group field, do one of the following:
    • To place the endpoints into an existing group, select the desired group from the dropdown list.
    • To place the endpoints into a new group, click Create a new group and enter the desired group name. FortiClient EMS creates the new group. To create a new nested group, enter the desired group hierarchy. For example, to create a Seattle group nested under a West Coast group, enter West Coast/Seattle. FortiClient EMS then dynamically creates any group that does not exist. For example, if both the West Coast and Seattle groups do not exist, FortiClient EMS creates both groups with the desired hierarchy. If the West Coast group exists, FortiClient EMS creates a new Seattle group nested under it.
  6. Enable or disable the rule by toggling Enable Rule on or off.
  7. Click Save.
To add an invitation group assignment rule:

An invitation group assignment rule automatically places all endpoints that connected to EMS using the specified invitation code into the specified endpoint group.

  1. Go to Endpoints > Group Assignment Rules.
  2. Click Add.
  3. Under Type, select Invitation.
  4. From the Invitation dropdown list, select the desired invitation. You must have previously configured invitations for this option to be available. See Invitations. EMS automatically places endpoints that connected to EMS using that invitation code into the specified group.
  5. In the Group field, do one of the following:
    • To place the endpoints into an existing group, select the desired group from the dropdown list.
    • To place the endpoints into a new group, click Create a new group and enter the desired group name. FortiClient EMS creates the new group. To create a new nested group, enter the desired group hierarchy. For example, to create a Seattle group nested under a West Coast group, enter West Coast/Seattle. FortiClient EMS then dynamically creates any group that does not exist. For example, if both the West Coast and Seattle groups do not exist, FortiClient EMS creates both groups with the desired hierarchy. If the West Coast group exists, FortiClient EMS creates a new Seattle group nested under it.
  6. Enable or disable the rule by toggling Enable Rule on or off.
  7. Click Save.

Adding a group assignment rule

Adding a group assignment rule

To add an installer ID group assignment rule:

An installer ID group assignment rule automatically places endpoints with the specified installer ID into the specified endpoint group.

  1. Go to Endpoints > Group Assignment Rules.
  2. Click Add.
  3. Under Type, select Installer ID.
  4. In the Installer ID field, enter the desired installer ID.
  5. In the Group field, do one of the following:
    • To place the endpoints into an existing group, select the desired group from the dropdown list.
    • To place the endpoints into a new group, click Create a new group and enter the desired group name. FortiClient EMS creates the new group. To create a new nested group, enter the desired group hierarchy. For example, to create a Seattle group nested under a West Coast group, enter West Coast/Seattle. FortiClient EMS then dynamically creates any group that does not exist. For example, if both the West Coast and Seattle groups do not exist, FortiClient EMS creates both groups with the desired hierarchy. If the West Coast group exists, FortiClient EMS creates a new Seattle group nested under it.
  6. Enable or disable the rule by toggling Enable Rule on or off.
  7. Click Save.
To add an IP address group assignment rule:

An IP address group assignment rule automatically places all endpoints with an IP address in the specified subnet or IP address range into the specified endpoint group.

  1. Go to Endpoints > Group Assignment Rules.
  2. Click Add.
  3. Under Type, select IP Address.
  4. In the Subnet/IP Range field, enter the desired subnet or IP address range. You must enter an IPv4 range, such as 192.168.1.1-192.168.1.5, or an IPv4 subnet with subnet mask, such as 192.168.0.0/28. You cannot enter an IPv6 range or subnet. EMS automatically places endpoints whose IP addresses belong to the specified subnet or IP address range into the specified group.
  5. In the Group field, do one of the following:
    • To place the endpoints into an existing group, select the desired group from the dropdown list.
    • To place the endpoints into a new group, click Create a new group and enter the desired group name. FortiClient EMS creates the new group. To create a new nested group, enter the desired group hierarchy. For example, to create a Seattle group nested under a West Coast group, enter West Coast/Seattle. FortiClient EMS then dynamically creates any group that does not exist. For example, if both the West Coast and Seattle groups do not exist, FortiClient EMS creates both groups with the desired hierarchy. If the West Coast group exists, FortiClient EMS creates a new Seattle group nested under it.
  6. Enable or disable the rule by toggling Enable Rule on or off.
  7. Click Save.
To add an OS group assignment rule:

An OS group assignment rule automatically places all endpoints with the specified OS installed into the specified endpoint group.

  1. Go to Endpoints > Group Assignment Rules.
  2. Click Add.
  3. Under Type, select OS.
  4. In the OS field, enter the OS. EMS automatically places endpoints that have the specified OS installed into the specified group. You can enter only the OS name or specify a version number. For example, you can enter "Windows" to place endpoints with any version of Windows installed into the specified endpoint group. You can also specify "Windows Server 2019" to only place endpoints that have Windows Server 2019 installed into the specified endpoint group.
  5. In the Group field, do one of the following:
    • To place the endpoints into an existing group, select the desired group from the dropdown list.
    • To place the endpoints into a new group, click Create a new group and enter the desired group name. FortiClient EMS creates the new group. To create a new nested group, enter the desired group hierarchy. For example, to create a Seattle group nested under a West Coast group, enter West Coast/Seattle. FortiClient EMS then dynamically creates any group that does not exist. For example, if both the West Coast and Seattle groups do not exist, FortiClient EMS creates both groups with the desired hierarchy. If the West Coast group exists, FortiClient EMS creates a new Seattle group nested under it.
  6. Enable or disable the rule by toggling Enable Rule on or off.
  7. Click Save.
To add an invitation group assignment rule:

An invitation group assignment rule automatically places all endpoints that connected to EMS using the specified invitation code into the specified endpoint group.

  1. Go to Endpoints > Group Assignment Rules.
  2. Click Add.
  3. Under Type, select Invitation.
  4. From the Invitation dropdown list, select the desired invitation. You must have previously configured invitations for this option to be available. See Invitations. EMS automatically places endpoints that connected to EMS using that invitation code into the specified group.
  5. In the Group field, do one of the following:
    • To place the endpoints into an existing group, select the desired group from the dropdown list.
    • To place the endpoints into a new group, click Create a new group and enter the desired group name. FortiClient EMS creates the new group. To create a new nested group, enter the desired group hierarchy. For example, to create a Seattle group nested under a West Coast group, enter West Coast/Seattle. FortiClient EMS then dynamically creates any group that does not exist. For example, if both the West Coast and Seattle groups do not exist, FortiClient EMS creates both groups with the desired hierarchy. If the West Coast group exists, FortiClient EMS creates a new Seattle group nested under it.
  6. Enable or disable the rule by toggling Enable Rule on or off.
  7. Click Save.