Fortinet black logo

Administration Guide

Predefined Policies

Copy Link
Copy Doc ID 82fbe02c-e479-11eb-97f7-00505692583a:901655
Download PDF

Predefined Policies

FortiEDR is provided out-of-the-box with several predefined policies, ready for you to get started. These policies are marked with the logo.

  • The Default Communication Control policy is one such policy, and is always listed first in the list of policies. The Default Communication Control policy is a blocklisting policy that is automatically applied to any Collector Group that is not assigned to any of the other Communication Control policies.
  • The Servers predefined policy is an allowlist policy that assigns a Deny action to all applications by default, except for a list of known, recognized and legitimate applications, which are allowed. This policy gives your organization a jump-start, as some of the leg work to identify legitimate applications in your organization has already been done for you.
  • The Isolation predefined policy isolates (blocks) communication to/from a device. This policy cannot be deleted and only applies in Prevention mode. When this policy is in force and communication for a given device has been blocked, you can manually permit communication to/from the device for a specific application using the procedure below.
To permit communication to/from the device for a specific application:
  1. Select the APPLICATIONS page.
  2. Select the application/version to which you want to permit communication.
  3. Click the Modify Action button. The following displays:

  4. In the Isolation Policy row, select Allow in the dropdown menu.

Predefined Policies

FortiEDR is provided out-of-the-box with several predefined policies, ready for you to get started. These policies are marked with the logo.

  • The Default Communication Control policy is one such policy, and is always listed first in the list of policies. The Default Communication Control policy is a blocklisting policy that is automatically applied to any Collector Group that is not assigned to any of the other Communication Control policies.
  • The Servers predefined policy is an allowlist policy that assigns a Deny action to all applications by default, except for a list of known, recognized and legitimate applications, which are allowed. This policy gives your organization a jump-start, as some of the leg work to identify legitimate applications in your organization has already been done for you.
  • The Isolation predefined policy isolates (blocks) communication to/from a device. This policy cannot be deleted and only applies in Prevention mode. When this policy is in force and communication for a given device has been blocked, you can manually permit communication to/from the device for a specific application using the procedure below.
To permit communication to/from the device for a specific application:
  1. Select the APPLICATIONS page.
  2. Select the application/version to which you want to permit communication.
  3. Click the Modify Action button. The following displays:

  4. In the Isolation Policy row, select Allow in the dropdown menu.