Fixing non compliance (blocked)
When an endpoint is not compliant with FortiGate compliance rules, and FortiGate is configured with a non-compliance action of block, the endpoint is blocked from accessing the network, and the Compliance & Telemetry tab displays a not-compliant status:
The following information displays on the Compliance & Telemetry tab:
Compliance status |
|
Indicates the endpoint is not compliant with FortiGate compliance rules and may be blocked from accessing the network. You have some time to fix the non-compliant issues before FortiGate blocks network access. See Compliance and vulnerability scanning. |
Compliance rules |
|
View all compliance rules by clicking View Compliance Rules and see which rules are unmet. Displays compliance rules that FortiClient is currently not compliant with, as well as the non-compliance action configured on the FortiGate. |
Fix Non-compliant Settings |
|
Click the Fix Non-Compliant Settings button to try and return FortiClient to a compliant status. This option is not available when FortiClient settings are locked by EMS. |
You can take the following steps to fix the not-compliant status and return the endpoint to a compliant status:
- View which compliance rules are unmet. See Viewing unmet compliance rules.
- Update the FortiClient configuration, if the option is available. See Fixing non-compliant settings.
- Fix detected vulnerabilities by using the automatic patching features. See Automatically fixing detected vulnerabilities.
- Manually install software patches, if required. See Manually fixing detected vulnerabilities.
- Manually fix system compliance:
- Create or modify the requested registry
- Create or modify the requested files or folders
- Start the requested processes
FortiClient must be installed with the correct setup to adhere to the compliance rules. See FortiClient setup types and modules. |