Fortinet white logo
Fortinet white logo

EMS Administration Guide

Adding a group assignment rule

Adding a group assignment rule

To add an installer ID group assignment rule:

An installer ID group assignment rule automatically places endpoints with the specified installer ID into the specified endpoint group.

  1. Go to Endpoints > Group Assignment Rules.
  2. Click Add.
  3. Under Type, select Installer ID.
  4. In the Installer ID field, enter the desired installer ID.
  5. In the Group field, do one of the following:
    1. If you want to place the endpoints into an existing group, select the desired group from the dropdown list.
    2. If you want to place the endpoints into a new group, click Create a new group and enter the desired group name. FortiClient EMS creates the new group.

      To create a new nested group, enter the desired group hierarchy. For example, to create a Seattle group nested under a West Coast group, enter West Coast/Seattle. FortiClient EMS then dynamically creates any group that does not exist. For example, if both the West Coast and Seattle groups do not exist, FortiClient EMS creates both groups with the desired hierarchy. If the West Coast group exists, FortiClient EMS creates a new Seattle group nested under it.

  6. Enable or disable the rule by toggling Enable Rule on or off.
  7. Click Save.
To add an IP address group assignment rule:

An IP address group assignment rule requires all endpoints with an IP address in the specified subnet or IP address range to be placed into the specified endpoint group.

  1. Go to Endpoints > Group Assignment Rules.
  2. Click Add.
  3. Under Type, select IP Address.
  4. In the Subnet/IP Range field, enter the desired subnet or IP address range. EMS automatically places endpoints whose IP addresses belong to the specified subnet or IP address range into the specified group.
  5. In the Group field, do one of the following:
    1. If you want to place the endpoints into an existing group, select the desired group from the dropdown list.
    2. If you want to place the endpoints into a new group, click Create a new group and enter the desired group name. FortiClient EMS creates the new group.

      To create a new nested group, enter the desired group hierarchy. For example, to create a Seattle group nested under a West Coast group, enter West Coast/Seattle. FortiClient EMS then dynamically creates any group that does not exist. For example, if both the West Coast and Seattle groups do not exist, FortiClient EMS creates both groups with the desired hierarchy. If the West Coast group exists, FortiClient EMS creates a new Seattle group nested under it.

  6. Enable or disable the rule by toggling Enable Rule on or off.
  7. Click Save.
To add an OS group assignment rule:

An OS group assignment rule requires all endpoints that have the specified OS installed to be placed into the specified endpoint group.

  1. Go to Endpoints > Group Assignment Rules.
  2. Click Add.
  3. Under Type, select OS.
  4. In the OS field, enter the OS. EMS automatically places endpoints that have the specified OS installed into the specified group. You can enter only the OS name or specify a version number. For example, you can enter "Windows" to place endpoints with any version of Windows installed into the specified endpoint group. You can also specify "Windows Server 2008" to only place endpoints that have Windows Server 2008 installed into the specified endpoint group.
  5. In the Group field, do one of the following:
    1. If you want to place the endpoints into an existing group, select the desired group from the dropdown list.
    2. If you want to place the endpoints into a new group, click Create a new group and enter the desired group name. FortiClient EMS creates the new group.

      To create a new nested group, enter the desired group hierarchy. For example, to create a Seattle group nested under a West Coast group, enter West Coast/Seattle. FortiClient EMS then dynamically creates any group that does not exist. For example, if both the West Coast and Seattle groups do not exist, FortiClient EMS creates both groups with the desired hierarchy. If the West Coast group exists, FortiClient EMS creates a new Seattle group nested under it.

  6. Enable or disable the rule by toggling Enable Rule on or off.
  7. Click Save.
To add an AD group assignment rule:

An AD group assignment rule requires all endpoints in the specified AD group to be placed into the specified endpoint group.

  1. Go to Endpoints > Group Assignment Rules.
  2. Click Add.
  3. Under Type, select AD User Group.
  4. In the AD User Group field, enter the desired AD user group's distinguished name. EMS automatically places endpoints in the specified AD group into the specified group.
  5. In the Group field, do one of the following:
    1. If you want to place the endpoints into an already existing group, select the desired group from the dropdown list.
    2. If you want to place the endpoints into a new group, click Create a new group and enter the desired group name. FortiClient EMS creates the new group.

      To create a new nested group, enter the desired group hierarchy. For example, to create a Seattle group nested under a West Coast group, enter West Coast/Seattle. FortiClient EMS then dynamically creates any group that does not exist. For example, if both the West Coast and Seattle groups do not exist, FortiClient EMS creates both groups with the desired hierarchy. If the West Coast group exists, FortiClient EMS creates a new Seattle group nested under it.

  6. Enable or disable the rule by toggling Enable Rule on or off.
  7. Click Save.

Adding a group assignment rule

Adding a group assignment rule

To add an installer ID group assignment rule:

An installer ID group assignment rule automatically places endpoints with the specified installer ID into the specified endpoint group.

  1. Go to Endpoints > Group Assignment Rules.
  2. Click Add.
  3. Under Type, select Installer ID.
  4. In the Installer ID field, enter the desired installer ID.
  5. In the Group field, do one of the following:
    1. If you want to place the endpoints into an existing group, select the desired group from the dropdown list.
    2. If you want to place the endpoints into a new group, click Create a new group and enter the desired group name. FortiClient EMS creates the new group.

      To create a new nested group, enter the desired group hierarchy. For example, to create a Seattle group nested under a West Coast group, enter West Coast/Seattle. FortiClient EMS then dynamically creates any group that does not exist. For example, if both the West Coast and Seattle groups do not exist, FortiClient EMS creates both groups with the desired hierarchy. If the West Coast group exists, FortiClient EMS creates a new Seattle group nested under it.

  6. Enable or disable the rule by toggling Enable Rule on or off.
  7. Click Save.
To add an IP address group assignment rule:

An IP address group assignment rule requires all endpoints with an IP address in the specified subnet or IP address range to be placed into the specified endpoint group.

  1. Go to Endpoints > Group Assignment Rules.
  2. Click Add.
  3. Under Type, select IP Address.
  4. In the Subnet/IP Range field, enter the desired subnet or IP address range. EMS automatically places endpoints whose IP addresses belong to the specified subnet or IP address range into the specified group.
  5. In the Group field, do one of the following:
    1. If you want to place the endpoints into an existing group, select the desired group from the dropdown list.
    2. If you want to place the endpoints into a new group, click Create a new group and enter the desired group name. FortiClient EMS creates the new group.

      To create a new nested group, enter the desired group hierarchy. For example, to create a Seattle group nested under a West Coast group, enter West Coast/Seattle. FortiClient EMS then dynamically creates any group that does not exist. For example, if both the West Coast and Seattle groups do not exist, FortiClient EMS creates both groups with the desired hierarchy. If the West Coast group exists, FortiClient EMS creates a new Seattle group nested under it.

  6. Enable or disable the rule by toggling Enable Rule on or off.
  7. Click Save.
To add an OS group assignment rule:

An OS group assignment rule requires all endpoints that have the specified OS installed to be placed into the specified endpoint group.

  1. Go to Endpoints > Group Assignment Rules.
  2. Click Add.
  3. Under Type, select OS.
  4. In the OS field, enter the OS. EMS automatically places endpoints that have the specified OS installed into the specified group. You can enter only the OS name or specify a version number. For example, you can enter "Windows" to place endpoints with any version of Windows installed into the specified endpoint group. You can also specify "Windows Server 2008" to only place endpoints that have Windows Server 2008 installed into the specified endpoint group.
  5. In the Group field, do one of the following:
    1. If you want to place the endpoints into an existing group, select the desired group from the dropdown list.
    2. If you want to place the endpoints into a new group, click Create a new group and enter the desired group name. FortiClient EMS creates the new group.

      To create a new nested group, enter the desired group hierarchy. For example, to create a Seattle group nested under a West Coast group, enter West Coast/Seattle. FortiClient EMS then dynamically creates any group that does not exist. For example, if both the West Coast and Seattle groups do not exist, FortiClient EMS creates both groups with the desired hierarchy. If the West Coast group exists, FortiClient EMS creates a new Seattle group nested under it.

  6. Enable or disable the rule by toggling Enable Rule on or off.
  7. Click Save.
To add an AD group assignment rule:

An AD group assignment rule requires all endpoints in the specified AD group to be placed into the specified endpoint group.

  1. Go to Endpoints > Group Assignment Rules.
  2. Click Add.
  3. Under Type, select AD User Group.
  4. In the AD User Group field, enter the desired AD user group's distinguished name. EMS automatically places endpoints in the specified AD group into the specified group.
  5. In the Group field, do one of the following:
    1. If you want to place the endpoints into an already existing group, select the desired group from the dropdown list.
    2. If you want to place the endpoints into a new group, click Create a new group and enter the desired group name. FortiClient EMS creates the new group.

      To create a new nested group, enter the desired group hierarchy. For example, to create a Seattle group nested under a West Coast group, enter West Coast/Seattle. FortiClient EMS then dynamically creates any group that does not exist. For example, if both the West Coast and Seattle groups do not exist, FortiClient EMS creates both groups with the desired hierarchy. If the West Coast group exists, FortiClient EMS creates a new Seattle group nested under it.

  6. Enable or disable the rule by toggling Enable Rule on or off.
  7. Click Save.