- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Quarantine Hosts that don't have forticlient installed on a network behind a FortiGate + EMS
Hi Community,
Using an EMS, Fortigate and fortianalyzer if needed , I m trying to see how I can quarantine users that don't have a fortiClient installed and have the last signature from the EMS.
Thank you,
- Labels:
-
FortiAnalyzer
-
FortiClient
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Selim_mannai ,
To quarantine users who don't have FortiClient installed and do not have the latest signature from EMS, you can leverage FortiGate’s integration with EMS and FortiAnalyzer. Here's a step-by-step approach and the related document:
1-FortiClient EMS Configuration: Ensure that your FortiClient EMS is properly configured and managing your endpoints. This includes deploying the FortiClient with the necessary configuration profiles.
2-FortiGate Configuration: Integrate FortiGate with FortiClient EMS. Go to Security Fabric > Settings and configure the EMS server settings.
3-FortiClient Compliance Profile: Create a compliance profile in EMS to ensure endpoints have the latest signature and FortiClient installed.
4-Assign Compliance Profile: Assign the compliance profile to the endpoints.
5-Automation Stitch: Create an automation stitch to handle non-compliance actions. Go to Security Fabric > Automation and create a stitch with a trigger based on endpoint non-compliance and an action to add the user to the quarantine group.
BR.
If my answer provided a solution for you, please mark the reply as solved it so that others can get it easily while searching for similar scenarios.