Verifying EMS CA certificate, ZTNA tag, and FortiClient endpoint synchronized from FortiClient EMS
After the FortiWeb device connects to the FortiClient EMS, the following items are synchronized from FortiClient EMS to FortiWeb:
EMS CA certificate (ZTNA)
EMS tags, including ZTNA tags, Classification tags, Outbreak Tags, and Fabric Tags
FortiClient endpoint information, including FCT SN, UID, IP, OS info, tags, and other information
EMS CA certificates
The EMS CA certificate is synchronized to Server Objects > Certificates > CA tab.
ZTNA tags are synchronized to the Zero Trust Access > ZTNA Profile > ZTNA Tags tab. After the FortiClient EMS connector has successfully connected, check the ZTNA Tags page to ensure the corresponding ZTNA tag has been synchronized.
FortiWeb synchronizes the following four types of tags from FortiClient EMS.
| Tag type | Description |
|---|---|
| Zero Trust tags | Zero Trust tags are created manually by Zero Trust tagging rules. Endpoints are tagged according to the criteria defined in the tagging rule. |
| Classification tags | Include predefined importance tags and custom classification tags. They can be set manually in FortiClient EMS through Endpoint > All Endpoints > Action > Set Importance & Set Custom Tags. |
| FortiGuard outbreak alert tags | EMS receives predefined outbreak alert rules from FortiGuard. Endpoints are tagged dynamically when they match these rules. These tags can be found in FortiClient EMS through FortiGuard Outbreak Detections > FortiGuard Outbreak Detection Rules. |
| Fabric tags | Fabric tags require FortiClient EMS to be connected to FortiAnalyzer. FortiAnalyzer creates rules to tag endpoints, which are applied to FortiClient EMS. |
FortiClient endpoint information
Run the following command to show the FortiClient endpoint information, including FCT SN, UID, IP, OS info, tags, and other details:
diagnose system endpoint clients