Endpoint Compliance

Note: The FortiClient Manager pane is available for ADOM versions 6.0 and earlier, and you must enable the module by using the CLI. The FortiClient Manager pane is not available for ADOM versions 6.2 and later because FortiClient endpoints no longer send FortiTelemetry to FortiGate devices.

The FortiClient Manager pane enables you to centrally manage FortiClient profiles for multiple FortiGate devices and monitor FortiClient endpoints that are connected to FortiGate devices.

Endpoint control ensures that workstation computers (endpoints) and other network devices meet security requirements; devices that do not meet them are not permitted access. Endpoint control enforces the use of FortiClient Endpoint Security and pushes a FortiClient profile to the FortiClient application.

For information about FortiClient, see the FortiClient Administration Guide.

Additional configuration options and shortcuts are available using the right-click menu. Right-click on different parts of the navigation panes in the GUI to access these menus.

The FortiClient Manager pane includes the following tabs in the blue banner:

  - FortiTelemetry: View managed FortiGate devices with central FortiClient management enabled. You can enable or disable FortiTelemetry for interfaces, enable or disable FortiClient enforcement on interfaces, and assign FortiClient profile packages to devices.
  - Monitor: Monitor FortiClient endpoints by compliance status or interface. You can perform the following actions on FortiClient endpoints: block, unblock, quarantine, release quarantine, and unregister. You can also exempt non-compliant FortiClient endpoints from compliance rules.
  - FortiClient profiles: View and create profile packages and FortiClient profiles. You can also import FortiClient profiles from FortiGate devices.

Centralized FortiClient management is enabled by default. You use the FortiClient Manager pane to enable FortiTelemetry and FortiClient enforcement on FortiGate interfaces as well as create and assign FortiClient profile packages to one or more FortiGate devices or VDOMs. Profile packages are installed to devices when you install configurations to the devices.

The following steps provide an overview of using centralized FortiClient management to configure, assign, and install FortiClient profiles:

To enable FortiClient Manager:
  1. Ensure that you are using ADOM version 6.0 or earlier.
  2. Enable FortiClient Manager by using the CLI:

    config system admin setting
        set show-fct-manager enable
    end

To create and assign FortiClient profile packages:
  1. Create a FortiClient profile package. See Creating FortiClient profile packages.
  2. Select the profile package, and create one or more FortiClient profiles. See Creating FortiClient profiles.
  3. Enable FortiTelemetry on FortiGate interfaces. See Enabling FortiTelemetry on interfaces.
  4. Enable FortiClient enforcement on FortiGate interfaces. See Enabling endpoint control on interfaces.
  5. Assign profile packages to FortiGate interfaces. See Assigning profile packages.

To install configuration changes to devices:
  1. On the FortiClient Manager > FortiClient Profiles pane, click Install Wizard.
  2. Follow the prompts in the wizard. See Using the Install Wizard to install policy packages and device settings.
