Help
FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
jie
Staff
Staff

Created on ‎12-04-2025 09:57 PM

Article Id 411118

Technical Tip: Identifying Registry value of IPS engine version check on Windows Endpoints with ZTNA Tags

Description This article describes how to detect the registry value of the IPS engine version check on a Windows endpoint by using the ZTNA tag.
Scope FortiClient, FortiClient EMS v7.4.
Solution

Go to FortiClient EMS -> Security Posture Tags -> Tags and select 'Create' to create a new ZTNA tagging rule.

 

1.PNG

 

Go to the endpoint machine, under registry location: 'Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FortiClient\FA_FW' and find out the current engine version.

 

1.PNG

 

ZTNA Tag Logic is shown as below:

 

1.PNG

 

Save this creation, and the result comes out as shown in the screenshots below.

 

EMS:

 

1.PNG

 

FortiClient:

 

1.PNG
67
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.