Adding an endpoint policy
To add an endpoint policy:
- Go to Endpoint Policy & Components > Manage Policies.
- Click Add.
- Complete the following fields:
Endpoint Policy Name
Enter the desired name for the endpoint policy.
Endpoint Groups
Select the device and/or user group to apply the policy to. You can select a group from all imported domains and workgroups.
Users
Search for and select desired domain users to apply the policy to.
If an endpoint is applicable for both a user-based and a group-based policy, the user-based policy takes precedence and EMS applies it to the endpoint.
Profile (Off-Fabric)
Configure the desired endpoint profiles to apply to the endpoint when it is off-fabric according to the on-fabric detection rules configured in this policy. For example, you may want to apply more restrictive profiles to the endpoint when EMS determines it to be off-fabric. From the dropdown list, select the desired endpoint profiles.
If including an off-fabric profile in a policy, also including on-fabric detection rules in the policy is recommended. Otherwise, EMS may not apply on-fabric and off-fabric profiles as desired.
When you enable this toggle, the Profile field displays two sets of endpoint profile dropdown lists. You can configure the desired endpoint profiles for an off-fabric endpoint using the dropdown lists on the right.
Profile
From the dropdown lists, configure the desired endpoint profiles to apply to endpoints that EMS has applied the policy to. FortiClient EMS displays enabled endpoint profiles with a green circle and disabled endpoint profiles with a gray circle.
Download Profile XML
Download the XML configuration file for the profiles by clicking the Profile XML button. This downloads one XML file that contains the XML configuration for all selected endpoint profiles.
If Profile (Off-Fabric) is enabled, you can use the Off-Fabric Profile XML button to download an XML file that contains the XML configuration for all selected endpoint profiles for off-fabric endpoints.
On-Fabric Detection Rules
Select the on-fabric detection rules to include in the policy. You can select multiple rules.
You must have already created on-fabric detection rules to include them in an endpoint policy. See On-fabric Detection Rules.
Comments
Enter any comments desired for the endpoint policy.
Enable the Policy
Toggle to enable or disable the endpoint policy. You can enable or disable the policy at a later time from Endpoint Policy & Components > Manage Policies.
- Click Save. You can view the newly created policy in Endpoint Policy & Components > Manage Policies.
EMS pushes these settings to the endpoint with the next Telemetry communication.