Article Id 287405
Description This article describes how to synchronize FortiClient endpoints/users across the Security Fabric.
Scope FortiGate v6.x.x and v7.x.x.

When FortiGates are connected in a Security Fabric setup, each firewall can only show its local FortiClient user list, i.e. the users for which that FortiGate is acting as a gateway. FortiClient user synchronization is not possible across the fabric FortiGates.

This is expected behavior.


However, ZTNA tags can be synchronized across the fabric, and they can be used in firewall policies. If a tag is not present on the firewall when an endpoint sends a request to the FortiGate, the FortiGate will query the EMS for further details regarding ZTNA tags.


Related document:

Configuring EMS to share tagging information with multiple FortiGates