Help
FortiSASE
FortiSASE delivers both a consistent security posture and an optimal user experience for users working from anywhere. Secure your hybrid workforce by closing security gaps, plus simplify operations.
sjoshi
Staff
Staff

Created on ‎09-10-2025 04:07 AM

Article Id 409999

Technical Tip: Enforcing Endpoint Compliance in FortiSASE with ZTNA Tags for FortiClient, Antivirus, and OS Versions

Description

 

This article describes how to configure and enforce Zero Trust Network Access (ZTNA) tagging rules in FortiSASE to ensure endpoint compliance. Specifically, it covers posture checks for FortiClient version, if antivirus is running, and operating system version.

 

Scope

 

FortiSASE.

 

Solution

 

Go to Endpoint Management -> Security Posture tags.
Create a tag first:

 

11.PNG

 

Create tagging rules:

 

11.PNG

 

Since this compliance tag is intended only for Windows systems, make sure to disable the options for other operating systems.

 

In the FortiSASE Feature Release, an AND/OR logical operator option is available, which allows administrators to build more granular rules by combining multiple compliance conditions.

 

WhatsApp Image 2025-09-08 at 13.23.32.jpeg

 

For this tag to match on an endpoint, the following conditions must be met:

  • The antivirus must be running.
  • The operating system must be Windows 11.
  • The FortiClient version must be 7.2.10 or higher.

 

Since the endpoint matches all the conditions, the tag appears.

 

11.PNG

41
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.