FortiGate compliance rules
When FortiClient is connected to FortiGate, FortiGate provides network security by defining compliance rules for FortiClient endpoints. In FortiOS, administrators can configure a FortiClient profile and apply the profile to endpoints. The profile achieves the following goals:
- Defines compliance rules for endpoint access to the network through FortiGate
- Defines the non-compliance action for FortiGate—that is, how FortiGate handles endpoints that fail to comply with compliance rules
- An endpoint is considered compliant if its FortiClient is managed by the EMS server authorized in FortiOS.
- An endpoint is considered compliant if it complies with the specific compliance rules configured in FortiOS. The following list shows a sample of the compliance rules administrators can enable or disable in a FortiClient profile using the FortiOS GUI:
- Telemetry data
- Endpoint Vulnerability Scan on client
- System compliance:
  - Minimum FortiClient version
  - What log types FortiClient will send to FortiAnalyzer
  - Processes running on client
- Security posture check:
  - Realtime protection
  - Third party Antivirus on Windows
  - Web filter
  - Application firewall
For information on configuring FortiGate compliance rules, see the FortiOS Handbook - Security Profiles.