Staff

Technical Tip: Group Assignment Rules Tips

Forum|Forum|1 year ago
October 28, 2024
0 replies
608 views

Description

This article describes how to automatically allocate endpoints to custom groups in Workgroups.

Any endpoints that do not meet any of the group assignment rules will be automatically placed in the Other Endpoints group.

This rule does not apply to domain-joined endpoints, even if it matches a previously created group assignment rule.

Scope

EMS (on-prem and Cloud)

Solution

There are four types of group assignment rules, which can be distinguished by:

Installer ID
Invitation
IP Address
OS

Installer ID

Create an installer ID group assignment rule and select the desired group to allocate the endpoint that deployed using the FortiClient Installer that was packaged from EMS.

Create a FortiClient Installer deployment package and include the created Installer ID.

Any FortiClient endpoint that was installed using this installer package will automatically be placed in the defined group. In this example, the HR Dept group.

Invitation.

Create an invitation code under the Endpoints -> Invitations tab.

Create a group assignment rule under the Endpoints -> Group Assignment Rules tab to select the created invitation code and desired group.

Any FortiClient endpoint that is connected to the EMS using this invitation code will be placed automatically in the defined group. In this example, the Sales Dept group.

IP Address

Create an IP Address group assignment rule under the Endpoints -> Group Assignment Rules tab and enter a specific IPv4 subnet/IP range. IPv6 subnet/IP range is not supported.
Select the desired group to allocate the endpoint that matched the defined IP address in the next telemetry communication.

OS.

Create an OS group assignment rule under the Endpoints -> Group Assignment Rules tab and enter specific OS, for example Windows/Windows Server 2019.
Select the desired group to allocate the endpoint that matched the defined OS in the next telemetry communication.