Administration Guide

Verifying EMS CA certificate, ZTNA tag, and FortiClient endpoint synchronized from FortiClient EMS

After the FortiWeb device connects to the FortiClient EMS, the following items are synchronized from FortiClient EMS to FortiWeb:

  • EMS CA certificate (ZTNA)

  • EMS tags, including ZTNA tags, Classification tags, Outbreak Tags, and Fabric Tags

  • FortiClient endpoint information, including FCT SN, UID, IP, OS info, Tags & other info

EMS CA certificates

The EMS CA certificate is synchronized to the Server Objects > Certificates > CA tab.

ZTNA tags

ZTNA tags are synchronized to the Zero Trust Access > ZTNA Profile > ZTNA Tags tab. After the FortiClient EMS connector has successfully connected, check the ZTNA Tags page to ensure the corresponding ZTNA tag has been synchronized.

FortiWeb synchronizes the following four types of tags from FortiClient EMS.

| Tag | Description |
| --- | --- |
| Zero Trust tags | Zero Trust tags are created manually by Zero Trust tagging rules. Endpoints are tagged according to the criteria defined in the tagging rule. |
| Classification tags | Include predefined importance tags and custom classification tags. They can be set manually in FortiClient EMS through Endpoint > All Endpoints > Action > Set Importance & Set Custom Tags. |
| FortiGuard outbreak alert tags | EMS receives predefined outbreak alert rules from FortiGuard. Endpoints are tagged dynamically when they match these rules. These tags can be found in FortiClient EMS through FortiGuard Outbreak Detections > FortiGuard Outbreak Detection Rules. |
| Fabric tags | Fabric tags require FortiClient EMS to be connected to FortiAnalyzer. FortiAnalyzer creates rules to tag endpoints, which are applied to FortiClient EMS. |

FortiClient endpoint information

Run the following command to show the FortiClient endpoint information including FCT SN, UID, IP, OS info, Tags, etc.

diagnose system endpoint clients
