Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Administration Guide

Managed mode with FortiGate

When FortiClient Telemetry is connected to FortiGate and the FortiGate administrator has disabled compliance, network access compliance (NAC) is not enforced. The Compliance & Telemetry tab displays Not Participating and you are not required to maintain a compliant status to access the network.

When FortiClient Telemetry is connected to FortiGate and the FortiGate administrator has enabled compliance, NAC is enforced and you may be required to maintain a compliant status to access the network, depending on how FortiGate enforces NAC.

If FortiGate is configured to block network access for endpoints with non-compliant status, certain requirements must be met to maintain a compliant status and network access. See FortiGate and FortiClient Compliance profiles.

When FortiGate is integrated with EMS, the endpoint may also receive a profile from EMS that contains FortiClient configuration information.

If FortiGate is configured to warn endpoints about non-compliant status, you can acknowledge the status and access the network without fixing the issues causing a non-compliant status.

The following dialog box shows an example of an endpoint connected to a FortiGate with the compliance feature disabled.

The following dialog box shows an example of an endpoint connected to a FortiGate with the compliance feature enabled, and the endpoint is in compliance with the FortiGate compliance rules.

The Compliance & Telemetry tab displays the following information:

Compliance

Indicates the endpoint compliance feature is enabled on FortiGate and the endpoint is in compliance with FortiGate compliance rules. See Fixing non compliance (blocked) and Fixing non compliance (warning).

Indicates the compliance enforcement feature is not enabled on FortiGate.

FortiGate information

Displays the IP address, host name, and serial number of the FortiGate to which FortiClient Telemetry is connected. Also displays the time of the next Telemetry communication between FortiClient and the FortiGate. You can disconnect by clicking Disconnect.

Compliance Policy

Click the View Compliance Rules to display the compliance rules for FortiGate.

Managed mode with FortiGate

When FortiClient Telemetry is connected to FortiGate and the FortiGate administrator has disabled compliance, network access compliance (NAC) is not enforced. The Compliance & Telemetry tab displays Not Participating and you are not required to maintain a compliant status to access the network.

When FortiClient Telemetry is connected to FortiGate and the FortiGate administrator has enabled compliance, NAC is enforced and you may be required to maintain a compliant status to access the network, depending on how FortiGate enforces NAC.

If FortiGate is configured to block network access for endpoints with non-compliant status, certain requirements must be met to maintain a compliant status and network access. See FortiGate and FortiClient Compliance profiles.

When FortiGate is integrated with EMS, the endpoint may also receive a profile from EMS that contains FortiClient configuration information.

If FortiGate is configured to warn endpoints about non-compliant status, you can acknowledge the status and access the network without fixing the issues causing a non-compliant status.

The following dialog box shows an example of an endpoint connected to a FortiGate with the compliance feature disabled.

The following dialog box shows an example of an endpoint connected to a FortiGate with the compliance feature enabled, and the endpoint is in compliance with the FortiGate compliance rules.

The Compliance & Telemetry tab displays the following information:

Compliance

Indicates the endpoint compliance feature is enabled on FortiGate and the endpoint is in compliance with FortiGate compliance rules. See Fixing non compliance (blocked) and Fixing non compliance (warning).

Indicates the compliance enforcement feature is not enabled on FortiGate.

FortiGate information

Displays the IP address, host name, and serial number of the FortiGate to which FortiClient Telemetry is connected. Also displays the time of the next Telemetry communication between FortiClient and the FortiGate. You can disconnect by clicking Disconnect.

Compliance Policy

Click the View Compliance Rules to display the compliance rules for FortiGate.