New Contributor

Quarantine Hosts that don't have FortiClient installed on a network behind a FortiGate + EMS

Hi Community,


Using an EMS, FortiGate and FortiAnalyzer if needed, I'm trying to see how I can quarantine users that don't have a FortiClient installed and have the last signature from the EMS.


Thank you,



New Contributor III

Hi @Selim_mannai ,


To quarantine users who don't have FortiClient installed and do not have the latest signature from EMS, you can leverage FortiGate’s integration with EMS and FortiAnalyzer. Here's a step-by-step approach and the related document:

1. FortiClient EMS Configuration: Ensure that your FortiClient EMS is properly configured and managing your endpoints. This includes deploying the FortiClient with the necessary configuration profiles.

2. FortiGate Configuration: Integrate FortiGate with FortiClient EMS. Go to Security Fabric > Settings and configure the EMS server settings.

3. FortiClient Compliance Profile: Create a compliance profile in EMS to ensure endpoints have the latest signature and FortiClient installed.

4. Assign Compliance Profile: Assign the compliance profile to the endpoints.

5. Automation Stitch: Create an automation stitch to handle non-compliance actions. Go to Security Fabric > Automation and create a stitch with a trigger based on endpoint non-compliance and an action to add the user to the quarantine group.




If my answer provided a solution for you, please mark the reply as solved so that others can get it easily while searching for similar scenarios.

Atakan Atak
