EMS Administration Guide

Adding an endpoint policy

  1. Go to Endpoint Policy > Manage Policies.
  2. Click Add.
  3. Complete the following fields:

    Endpoint policy name

    Enter the desired name for the endpoint policy.

    Endpoint domains

    Select the domains to apply the policy to. Domains for which an endpoint policy has already been created are grayed out and you cannot select them.

    Endpoint workgroups

    Select the workgroup of endpoints to apply the policy to. Groups for which an endpoint policy has already been created are grayed out and you cannot select them.

    Endpoint profile

    Include an endpoint profile in the policy. From the dropdown list, select the desired endpoint profile.

    Telemetry gateway list

    Include a Telemetry gateway list in the policy. From the dropdown list, select the desired Telemetry gateway list.

    You must have already created a Telemetry gateway list to include one in an endpoint policy. See Creating Telemetry gateway lists.

    Comments

    Enter any comments desired for the endpoint policy.

    Enable the policy

    Toggle to enable or disable the endpoint policy. You can enable or disable the policy at a later time from Endpoint Policy > Manage Policies.

  4. Click Save. You can view the newly created policy on the Endpoint Policy > Manage Policies page.

    On the Endpoints pane, you can see that endpoints that belong to the All Groups/Seattle/HR group have the endpoint profile and Telemetry gateway list configured in the endpoint policy (Seattle_HR and FGT_Seattle_floor2, respectively) applied.

    EMS pushes these settings to the endpoint with the next Telemetry communication.

    In this example, endpoints in the All Groups/Seattle/HR group are eligible for the Seattle_HR policy. If both the Seattle_general policy (applied to the All Groups/Seattle group) and the Seattle_HR policy (applied to the All Groups/Seattle/HR group) are enabled, EMS applies only the Seattle_HR policy to the All Groups/Seattle/HR group, because Seattle_HR is the most specific policy that applies to that group. If the Seattle_HR policy is disabled, EMS applies the Seattle_general policy to endpoints in the All Groups/Seattle/HR group.
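The precedence rule above can be modeled offline to review which policy a group ends up with before a policy is disabled. The following is an added example, not EMS code or an EMS API: the `Policy` class and function names are hypothetical, and it assumes a policy on a group also covers every group beneath it, as in the Seattle example.

```python
from dataclasses import dataclass, replace
from typing import Iterable, Optional


@dataclass(frozen=True)
class Policy:
    name: str
    group: str            # group path the policy is assigned to
    profile: str
    gateway_list: str
    enabled: bool = True


def _segments(path: str) -> list:
    return [s for s in path.split("/") if s]


def _covers(policy_group: str, endpoint_group: str) -> bool:
    """True if policy_group is endpoint_group itself or one of its ancestors.
    Compares whole path segments, so .../HR does not cover .../HR2."""
    p, e = _segments(policy_group), _segments(endpoint_group)
    return e[:len(p)] == p


def effective_policy(policies: Iterable[Policy], endpoint_group: str) -> Optional[Policy]:
    """Most specific enabled policy covering endpoint_group, or None."""
    candidates = [p for p in policies if p.enabled and _covers(p.group, endpoint_group)]
    return max(candidates, key=lambda p: len(_segments(p.group)), default=None)


def after_disabling(policies: Iterable[Policy], name: str, endpoint_group: str) -> Optional[Policy]:
    """Policy that would apply to endpoint_group if policy `name` were disabled."""
    changed = [replace(p, enabled=False) if p.name == name else p for p in policies]
    return effective_policy(changed, endpoint_group)


# Constructed sample data. Policy names, group paths, and the Seattle_HR profile
# and gateway list come from the page; the Seattle_general values are placeholders.
POLICIES = [
    Policy("Seattle_general", "All Groups/Seattle", "PLACEHOLDER_profile", "PLACEHOLDER_gateways"),
    Policy("Seattle_HR", "All Groups/Seattle/HR", "Seattle_HR", "FGT_Seattle_floor2"),
]

if __name__ == "__main__":
    hr = "All Groups/Seattle/HR"
    print(effective_policy(POLICIES, hr).name)
    print(after_disabling(POLICIES, "Seattle_HR", hr).name)
```

A `None` result means no enabled policy covers the group in this model, which is worth flagging in a change review.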
