endpoint-control
Use endpoint-control commands to configure the following parts of the Endpoint NAC feature:
- Endpoint license registration synchronization
- Endpoint NAC profiles
- Required minimum version of FortiClient Endpoint Security
- FortiClient installer download location
FortiClient profiles and registration can be controlled on the FortiGate. However, in order for FortiClient to register with the FortiGate, FortiTelemetry must be enabled on the interfaces facing the network endpoints. To do this in the CLI, under config system interface
, set fortiheartbeat
to enable
.
Use the config endpoint-control
to configure endpoint control in finer detail. In addition, use the following command to view a list of endpoint users, including their FortiClient UID, which VDOM they belong to, and view their compliance status:
diagnose endpoint registration list
Endpoint NAC is enabled in firewall policies.
This section includes syntax for the following commands: