Hi Community,
Using an EMS, FortiGate and FortiAnalyzer if needed, I'm trying to see how I can quarantine users that don't have a FortiClient installed and have the last signature from the EMS.
Thank you,
Hi @Selim_mannai,
To quarantine users who don't have FortiClient installed and do not have the latest signature from EMS, you can leverage FortiGate’s integration with EMS and FortiAnalyzer. Here's a step-by-step approach and the related document:
1. FortiClient EMS Configuration: Ensure that your FortiClient EMS is properly configured and managing your endpoints. This includes deploying the FortiClient with the necessary configuration profiles.
2. FortiGate Configuration: Integrate FortiGate with FortiClient EMS. Go to Security Fabric > Settings and configure the EMS server settings.
3. FortiClient Compliance Profile: Create a compliance profile in EMS to ensure endpoints have the latest signature and FortiClient installed.
4. Assign Compliance Profile: Assign the compliance profile to the endpoints.
5. Automation Stitch: Create an automation stitch to handle non-compliance actions. Go to Security Fabric > Automation and create a stitch with a trigger based on endpoint non-compliance and an action to add the user to the quarantine group.
BR.
If my answer provided a solution for you, please mark the reply as solved so that others can get it easily while searching for similar scenarios.
Copyright 2024 Fortinet, Inc. All Rights Reserved.