Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiDLP Administration Guide

    Home FortiDLP FortiDLP Administration Guide

    Agent configuration groups

    Agent configuration groups

    You can streamline configuration by defining groups of Agents that share settings, such as the activities monitored, the target version, and more.

    Simply create a group, assign it labels for the nodes you want to include, and set your configuration options as needed. You can then easily switch settings on and off and upgrade to new Agent software without affecting nodes outside of the group.

    Example

    For example, you could create a group for on-notice employees with email, clipboard, and keystroke monitoring enabled to protect against data loss, but have this functionality disabled for other employees.

    You could also create a General Data Protection Regulation (GDPR) compliance group, where web monitoring is disabled for employees in European countries.

    Each configuration group you create requires a priority. This determines the configuration that takes precedence if a node belongs to multiple groups. The larger the number, the higher the precedence—so a group with a priority of 4 would prevail over groups 0–3.

    A base configuration group is provided, which is assigned a priority of 0. You can use this group to apply general settings to all Agents in your deployment. Any additional configuration groups you create will automatically be assigned a higher priority which you can modify as needed. Unlike other configuration groups, the base configuration group specifies the values applied to all possible options to increase visibility of the applied configuration. For details on viewing your nodes applied settings, see Testing Agent configurations.

    Caution

    The base configuration group for FortiDLP Cloud tenants contains settings to install the FortiDLP Browser Extension and FortiDLP Email Plugin (Legacy) on supported OS versions out of the box—unless the tenant has been set to explicitly NOT install them.

    If you use a fleet management tool for your Agent deployment, and you do not want to install the extension and/or plugin:

    • For Agent 11.0.1 or earlier, prior to enrollment, set the Browser extension installation (Agent v11.0.1 or earlier) > Agent-initiated browser extension installation option and/or Agent-initiated email plugin installation option to Off in your base configuration group and only apply settings using your fleet management tool.
    • For Agent 11.1.1 or later, prior to enrollment, set the Browser extension installation (Agent v11.1.1 or later) option to Managed with external tool and/or Agent-initiated email plugin installation option to Off in your base configuration group and only apply settings using your fleet management tool.
    Previous
    Next

    Agent configuration groups

    Agent configuration groups

    You can streamline configuration by defining groups of Agents that share settings, such as the activities monitored, the target version, and more.

    Simply create a group, assign it labels for the nodes you want to include, and set your configuration options as needed. You can then easily switch settings on and off and upgrade to new Agent software without affecting nodes outside of the group.

    Example

    For example, you could create a group for on-notice employees with email, clipboard, and keystroke monitoring enabled to protect against data loss, but have this functionality disabled for other employees.

    You could also create a General Data Protection Regulation (GDPR) compliance group, where web monitoring is disabled for employees in European countries.

    Each configuration group you create requires a priority. This determines the configuration that takes precedence if a node belongs to multiple groups. The larger the number, the higher the precedence—so a group with a priority of 4 would prevail over groups 0–3.

    A base configuration group is provided, which is assigned a priority of 0. You can use this group to apply general settings to all Agents in your deployment. Any additional configuration groups you create will automatically be assigned a higher priority which you can modify as needed. Unlike other configuration groups, the base configuration group specifies the values applied to all possible options to increase visibility of the applied configuration. For details on viewing your nodes applied settings, see Testing Agent configurations.

    Caution

    The base configuration group for FortiDLP Cloud tenants contains settings to install the FortiDLP Browser Extension and FortiDLP Email Plugin (Legacy) on supported OS versions out of the box—unless the tenant has been set to explicitly NOT install them.

    If you use a fleet management tool for your Agent deployment, and you do not want to install the extension and/or plugin:

    • For Agent 11.0.1 or earlier, prior to enrollment, set the Browser extension installation (Agent v11.0.1 or earlier) > Agent-initiated browser extension installation option and/or Agent-initiated email plugin installation option to Off in your base configuration group and only apply settings using your fleet management tool.
    • For Agent 11.1.1 or later, prior to enrollment, set the Browser extension installation (Agent v11.1.1 or later) option to Managed with external tool and/or Agent-initiated email plugin installation option to Off in your base configuration group and only apply settings using your fleet management tool.
    Previous
    Next