Viewing the Endpoints pane
You can view information about endpoints on the Endpoints pane.
To view the Endpoints pane:
- Go to Endpoints, and select All Endpoints, a domain, or workgroup.
The list of endpoints, a quick status bar, and a toolbar display in the content pane.
Not Installed
Number of endpoints that do not have FortiClient installed. Click to display the list of endpoints without FortiClient installed.
Not Registered
Number of endpoints that are not connected to FortiClient EMS. Click to display the list of disconnected endpoints.
Out-Of-Sync
Number of endpoints with an out-of-sync profile. Click to display the list of endpoints with out-of-sync profiles.
Security Risk
Number of endpoints that are security risks. Click to display the list of endpoints that are security risks.
Quarantined
Number of endpoints that EMS has quarantined. Click to display the list of quarantined endpoints.
Checkbox
Click to select all endpoints displayed in the content pane.
Show/Hide Heading
Click to hide or display the following column headings: Device, User, IP, Configurations, Connections, Status, and Events.
Show/Hide Full Group Path
Click to hide or display the full path for the group that the endpoint belongs to.
Refresh
Click to refresh the list of endpoints.
Search All Fields
Enter a value and press Enter to search for the value in the list of endpoints.
Filters
Click to display and hide filters you can use to filter the list of endpoints.
Device
Visible when headings are displayed. Displays an icon to represent the OS on the endpoint, the hostname, and the endpoint group.
User
Visible when headings are displayed. Displays the name of the user logged into the endpoint.
IP
Visible when headings are displayed. Displays the endpoint's IP address.
Configurations
Visible when headings are displayed. Displays the name of the policy assigned to the endpoint and its synchronization status.
Connections
Visible when headings are displayed. Displays the connection status between FortiClient and FortiClient EMS. If the endpoint is connected to a FortiGate, displays the FortiGate hostname.
Events
Visible when headings are displayed. Displays FortiClient events for the endpoint.
- Click an endpoint to display its details in the content pane.
The following dropdown lists display in the toolbar for the selected endpoint:
Checkbox
Click to select and deselect all endpoints in the content pane. You can then select or clear the checkbox for individual endpoints to fine-tune the list of selected endpoints.
Scan
Click to start a Vulnerability or AV scan on the selected endpoint.
Patch
Click to patch all critical and high vulnerabilities on the selected endpoint. Choose one of the following options:
- Selected Vulnerabilities on Selected Clients
- Selected Vulnerabilities on All Affected Clients
- All Critical and High Vulnerabilities
Move to
Move the endpoint to a different group.
Action
Click to perform one of the following actions on the selected endpoint:
- Request FortiClient Logs
- Request Diagnostic Results
- Update Signatures
- Download Available FortiClient Logs
- Download Available Diagnostic Results
- Re-register
- Deregister
- Register
- Quarantine
- Un-quarantine
- Exclude from Management
- Clear Events
- Mark as Uninstalled
- Delete Device
The following tabs are available in the content pane toolbar when you select an endpoint, depending on which FortiClient features are installed on the endpoint and enabled via the assigned profile:
Summary
<user name>
Displays the name of the user logged into the selected endpoint. Also displays the user's avatar, email address, and phone number if these are provided to FortiClient on the endpoint. If the user's LinkedIn, Google, Salesforce, or other cloud app account is linked in FortiClient, the username from the cloud application displays. Also displays the group that the endpoint belongs to in EMS.
Device
Displays the selected endpoint's hostname. You can enter an alias if desired.
OS
Displays the selected endpoint's operating system and version number.
IP
Displays the selected endpoint's MAC address.
Last Seen
Displays the last date and time that FortiClient sent a keep-alive message to EMS. This information is useful if FortiClient is offline because it indicates when the last keep-alive message occurred.
Location
Displays whether the selected endpoint is on-net or off-net.
Host Verification Tags
Displays which tags have been applied to the endpoint based on the compliance verification rules. See Compliance Verification.
Connection
Displays the connection status between the selected endpoint and FortiClient EMS and between the endpoint and FortiGate.
Configuration
Displays the following information for the selected endpoint:
- Policy: Name of the endpoint policy assigned to the selected endpoint
- Profile: Name of the profile assigned to the selected endpoint
- Off-net Profile: Name of the off-net profile assigned to the selected endpoint
- Installer: Name of the FortiClient installer used for the selected endpoint. Displays Not Assigned if no FortiClient installer has been assigned to the selected endpoint.
- Telemetry Gateway List: Name of the Telemetry gateway list used for the selected endpoint. Displays Not Assigned if no Telemetry gateway list has been assigned to the selected endpoint.
- FortiClient Version: FortiClient version installed on the selected endpoint.
- FortiClient Serial Number: Serial number for the selected endpoint's FortiClient license.
Status
Displays one of the following statuses:
- Registered: Endpoint is registered to EMS.
- Quarantined: If quarantined, displays access code. The user can enter this access code in the affected endpoint's FortiClient to remove the endpoint from quarantine.
- Excluded: Endpoint is excluded from management by EMS.
Features
Displays which features are enabled for FortiClient.
Antivirus Events
Date
Displays the AV event's date and time.
Count
Displays the number of occurrences for this event.
Message
Displays the AV event's message.
Cloud Scan Events
Date
Displays the cloud-based malware detection event's date and time.
Count
Displays the number of occurrences for this event.
Message
Displays the cloud-based malware detection event's message.
AntiExploit Events
Date
Displays the AntiExploit event's date and time.
Count
Displays the number of occurrences for this event.
Message
Displays the AntiExploit event's message.
USB Device Events
Date
Displays the USB device event's date and time.
Count
Displays the number of occurrences for this event.
Message
Displays the USB device event's message.
Sandbox Events
Date
Displays the sandbox event's date and time.
Message
Displays the sandbox event's message.
Rating
Displays the file's risk rating as retrieved from FortiSandbox.
Malware
Displays the malware name.
Checksum
Displays the checksum for the file.
Download
Download a PDF version of the detailed report.
Magnifying glass
Click to view a more detailed report. See Viewing Sandbox event details.
Firewall Events
Date
Displays the firewall event's date and time.
Count
Displays the number of occurrences for this event.
Message
Displays the firewall event's message.
Web Filter Events
Date
Displays the web filter event's date and time.
Count
Displays the number of occurrences for this event.
Message
Displays the web filter event's message.
Vulnerability Events
Vulnerability
Displays the vulnerability's name. For example, Security update available for Adobe Reader.
Category
Displays the vulnerability's category. For example, Third Party App.
Application
Displays the name of the application with the vulnerability.
Severity
Displays the vulnerability's severity.
Patch Type
Displays the patch type for this vulnerability: Auto or Manual.
FortiGuard
Displays the FortiGuard ID number. If you click the FortiGuard ID number, it redirects you to FortiGuard where further information is provided if available.
System Events
Date
Displays the system event's date and time.
Count
Displays the number of occurrences for this event.
Message
Displays the system event's message.