On-fabric Detection Rules
You can configure on-fabric detection rules for endpoints. EMS uses the rules to determine if the endpoint is on- or off-fabric. Depending on the endpoint's on-fabric status, EMS may apply a different profile to the endpoint, as configured in the applied endpoint policy. See Adding an endpoint policy.
On-fabric detection rules do not apply to endpoints running FortiClient 6.2.1 and earlier versions. Endpoints running FortiClient 6.2.1 and earlier versions determine on-/off-fabric status as Determining on-fabric/off-fabric status describes. |
To add an on-fabric detection rule set:
- Go to Policy Components > On-fabric Detection Rules.
- Click Add.
- In the Name field, enter the desired name.
- Enable or disable the rule set by toggling Enabled on or off.
- Click Add Rule.
- In the Add New Rule dialog, from the Detection Type dropdown list, select and configure the desired rule detection type. If you configure rules of multiple detection types for a rule set, the endpoint must satisfy all configured rules to satisfy the entire rule set:
- Click Add Rule.
- Click Save.
To edit an on-fabric detection rule set:
- Go to Policy Components > On-fabric Detection Rules.
- Select the rule set.
- Click Edit.
- Edit as desired.
- Click Save.
To delete an on-fabric detection rule set:
- Go to Policy Components > On-fabric Detection Rules.
- Click the desired rule set.
- Click Delete.
- In the confirmation dialog, click Yes.
To delete an on-fabric detection rule from a rule set:
- Go to Policy Components > On-fabric Detection Rules.
- Click the desired rule set.
- Under Rules, select the desired rule.
- Click Delete Rule.
- Click Save.
To enable/disable an on-fabric detection rule:
- Go to Policy Components > On-fabric Detection Rules.
- Select or deselect the Enabled checkbox for the desired rule set.
Determining on-fabric/off-fabric status
This section only applies to endpoints running FortiClient 6.2.1 and earlier versions.
There are two settings in EMS that affect FortiClient on-fabric/off-fabric status:
- DHCP on-fabric/off-fabric
- On-fabric detection rules configured for the endpoint's assigned policy.
The table shows how the DHCP on-fabric/off-fabric setting, on-fabric detection rules, and Option 224 serial number affect the endpoint's on-fabric/off-fabric status. DHCP on-fabric/off-fabric only applies when the endpoint is connected to EMS. You can configure Option 224 with any Fortinet device's serial number. EMS assumes that FortiClient is behind a FortiGate and on-fabric with that FortiGate.
DHCP on-fabric/off-fabric |
On-fabric detection rules |
Option 224 serial number |
Resulting endpoint status |
---|---|---|---|
Disabled |
Not configured |
N/A |
Endpoint is on-fabric when registered to EMS. |
Enabled |
Not configured |
Not configured |
Endpoint is off-fabric when registered to EMS. |
Enabled |
Not configured |
Configured |
On-fabric Since Option 224 is configured with a Fortinet device's serial number, EMS assumes FortiClient is on-fabric with that FortiGate. |
N/A |
Enabled, with subnet configured. Endpoint IP address is in the configured subnet. |
N/A |
On-fabric The endpoint is inside the on-fabric networks configured in the applied endpoint policy's on-fabric detection rules. |
N/A |
Enabled, with subnet configured. Endpoint IP address is not in the configured subnet. |
N/A |
Off-fabric The endpoint is outside the on-fabric networks configured in the applied endpoint policy's on-fabric detection rules. |
An endpoint has an offline off-fabric status when it cannot connect FortiClient Telemetry to EMS and is outside any of the on-fabric networks.
An endpoint has an offline on-fabric status when it cannot connect FortiClient Telemetry to EMS but is inside one of the on-fabric networks, or if no on-fabric rules are configured within the assigned policy.