Administration Guide

Example: Removing an endpoint from management

Note

The Disable option within Management Connection is not equivalent to the Deregister button in previous FortiSASE versions.

In previous versions, Deregister only disconnected the endpoint from FortiSASE; the endpoint could remain managed and reregister with FortiSASE.

Currently, once you configure Management Connection > Disable for an endpoint, it is permanently excluded from management: it is considered an unmanaged endpoint and cannot register with FortiSASE.

To allow an unmanaged endpoint to be managed by and register with FortiSASE, you must select the endpoint and configure Management Connection > Enable.

To remove an endpoint from management:
  1. This example assumes that the device is managed, registered to, and connected to FortiSASE. Go to Network > Managed Endpoints, click the Managed Endpoints view, and confirm the endpoint is visible there.

  2. Select the endpoint, select Management Connection > Disable, and click OK to confirm. In FortiClient, after the telemetry sync timer elapses, the endpoint’s previously connected zero trust telemetry connection and FortiSASE VPN connection both disconnect.

  3. Confirm that the endpoint has disappeared from the Managed Endpoints view.

  4. Go to Network > Managed Endpoints and click Unmanaged Endpoints. Confirm the endpoint is visible in that view.

  5. Go to Configuration > Users and click Onboard Users.

  6. Set FortiClient Installer to Download.

  7. Under Manual Installer, to the right of the Invitation Code field, click the copy icon to copy the invitation code.

  8. On the endpoint, open FortiClient. On the Zero Trust Telemetry tab, paste the copied FortiSASE invitation code and click Connect. The endpoint can no longer establish its zero trust telemetry connection with FortiSASE because you have excluded it from management.

  9. If the endpoint reboots, repeat step 8. Each time, FortiClient attempts to connect to FortiSASE but never succeeds in registering and receiving an endpoint policy. This confirms that the unmanaged endpoint has been excluded from management as desired.
