Fortinet black logo

EMS Administration Guide

Adding an IP address group assignment rule

Adding an IP address group assignment rule

When enabled, an IP address group assignment rule requires all endpoints with an IP address in the specified subnet or IP address range to be placed into the specified endpoint group.

  1. Go to Administration > Group Assignment Rules.
  2. Click Add.
  3. Under Type, select IP Address.
  4. In the Subnet/IP Range field, enter the desired subnet or IP address range. Endpoints whose IP addresses belong to the specified subnet or IP address range will automatically be placed into the specified group.
  5. In the Group field, do one of the following:
    1. If you want to place the endpoints into an already existing group, select the desired group from the dropdown list.
    2. If you want to place the endpoints into a new group, enter the desired group name. FortiClient EMS creates the new group.

      To create a new nested group, enter the desired group hierarchy. For example, to create a Seattle group nested under a West Coast group, enter West Coast/Seattle. FortiClient EMS then dynamically creates any group that does not exist. For example, if both the West Coast and Seattle groups do not exist, FortiClient EMS creates both groups with the desired hierarchy. If the West Coast group exists, FortiClient EMS creates a new Seattle group nested under it.

  6. Enable or disable the rule by toggling Enable Rule on or off.
  7. Click Save.

Adding an IP address group assignment rule

When enabled, an IP address group assignment rule requires all endpoints with an IP address in the specified subnet or IP address range to be placed into the specified endpoint group.

  1. Go to Administration > Group Assignment Rules.
  2. Click Add.
  3. Under Type, select IP Address.
  4. In the Subnet/IP Range field, enter the desired subnet or IP address range. Endpoints whose IP addresses belong to the specified subnet or IP address range will automatically be placed into the specified group.
  5. In the Group field, do one of the following:
    1. If you want to place the endpoints into an already existing group, select the desired group from the dropdown list.
    2. If you want to place the endpoints into a new group, enter the desired group name. FortiClient EMS creates the new group.

      To create a new nested group, enter the desired group hierarchy. For example, to create a Seattle group nested under a West Coast group, enter West Coast/Seattle. FortiClient EMS then dynamically creates any group that does not exist. For example, if both the West Coast and Seattle groups do not exist, FortiClient EMS creates both groups with the desired hierarchy. If the West Coast group exists, FortiClient EMS creates a new Seattle group nested under it.

  6. Enable or disable the rule by toggling Enable Rule on or off.
  7. Click Save.