FortiClient
Rathan_FTNT
Staff
Article Id 196379

Description
This article describes how to synchronize FortiClient EMS tags and configurations.

Scope
A new option under the FortiClient EMS settings consolidates the setup of EMS connectors to support EMS tags.
EMS tags are pulled and automatically synced with the EMS server.

They are converted into read-only dynamic firewall addresses that can be used in firewall policies, routing, and so on.

Solution
Before starting, confirm that:
- Tags have been created on the Compliance Verification -> Compliance Verification Rules page.
- There are registered users who match the defined tags, visible on the Compliance Verification -> Host Tag Monitor page.
To configure FortiClient EMS with tag synchronization from the GUI:

1) Configure the EMS Fabric Connector:
- On the root FortiGate, go to Security Fabric -> Fabric Connectors.
- Select 'Create New' and select 'FortiClient EMS'.
- Enable 'Synchronize firewall addresses'.
- Configure the other settings as needed and validate the certificate.
- Select 'OK'.

2) Go to Policy & Objects -> Addresses and hover over the EMS tag to view which IPs it resolves to.

3) Configure a firewall policy:
- Go to Policy & Objects -> Firewall Policy and create a new policy.
- For the Source Address, add the EMS tag dynamic address.
- Configure the other settings as needed.
- Select 'OK'.

To configure FortiClient EMS with tag synchronization from the CLI:

Configure the EMS Fabric Connector (pull-tags must be enabled for the tags to be synchronized):
# config endpoint-control fctems
    edit "ems137"
        set fortinetone-cloud-authentication disable
        set server "172.16.200.137"
        set https-port 443
        set source-ip 0.0.0.0
        set pull-sysinfo enable
        set pull-vulnerabilities enable
        set pull-avatars enable
        set pull-tags enable
        set call-timeout 5000
        set certificate "REMOTE_Cert_1"
    next
end
Verify which IPs the dynamic firewall address resolves to:
# diagnose firewall dynamic list
List all dynamic addresses:
FCTEMS0580-----9_ems137_vuln_critical_tag: ID(118)
        ADDR(10.1.100.120)
        ADDR(10.1.100.198)
FCTEMS0580-----9_ems137_winscp_tag: ID(155)
        ADDR(100.100.100.141)
FCTEMS0580-----9_ems137_win10_tag: ID(182)
        ADDR(10.1.100.120)

# diagnose firewall dynamic address FCTEMS0580226579_ems137_vuln_critical_tag
FCTEMS0580-----9_ems137_vuln_critical_tag: ID(118)
        ADDR(10.1.100.120)
        ADDR(10.1.100.198)

Total dynamic list entries: 1.
Total dynamic addresses: 2
Total dynamic ranges: 0
Configure a firewall policy that uses the EMS tag dynamic firewall address as a source.
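A dynamic address that resolves to no hosts makes a policy built on it match nothing, so it is worth checking the diagnose output before relying on the tag. The following parser and check are an added example, not part of this article or of any Fortinet tool; the sample output is constructed to mimic the "diagnose firewall dynamic list" format shown above, including an indented ADDR line and a tag that currently resolves to no hosts.

```python
import re

# Constructed sample modelled on the diagnose output in the article.
# Names and IPs are illustrative; one tag is deliberately empty.
SAMPLE_OUTPUT = """\
List all dynamic addresses:
FCTEMS0580-----9_ems137_vuln_critical_tag: ID(118)
ADDR(10.1.100.120)
ADDR(10.1.100.198)

FCTEMS0580-----9_ems137_win10_tag: ID(182)
        ADDR(10.1.100.120)
FCTEMS0580-----9_ems137_empty_tag: ID(190)
Total dynamic addresses: 3
"""

ENTRY_RE = re.compile(r"^(?P<name>\S+): ID\((?P<id>\d+)\)$")
ADDR_RE = re.compile(r"^ADDR\((?P<ip>[0-9.]+)\)$")

def parse_dynamic_list(text):
    """Map each dynamic address name to the set of IPs it resolves to."""
    tags = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()  # ADDR lines are indented inconsistently in real output
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            current = m.group("name")
            tags[current] = set()
            continue
        m = ADDR_RE.match(line)
        if m and current is not None:
            tags[current].add(m.group("ip"))
    return tags

def check_tag_resolution(tags, tag_suffix, expected_ips):
    """Return (ok, problems) for the one address whose name ends in tag_suffix.
    An empty tag and any expected host missing from it are both reported."""
    matches = [n for n in tags if n.endswith(tag_suffix)]
    if len(matches) != 1:
        return False, ["expected exactly one address for %s, found %d" % (tag_suffix, len(matches))]
    ips = tags[matches[0]]
    problems = [] if ips else ["%s resolves to no addresses" % matches[0]]
    for ip in sorted(set(expected_ips) - ips):
        problems.append("%s not in %s" % (ip, matches[0]))
    return not problems, problems
```

Feed it the real output of the diagnose command and the hosts you expect the tag to contain; a failing check means the policy using that tag will not match the traffic you intended.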