FortiOS 6 – FortiClient Compliance Profiles

Modifying the endpoint protection replacement messages

If the security policy has the "Redirect all non-compliant/unregistered FortiClient compatible devices to a captive portal" option enabled, users of non-compliant devices are redirected to a captive portal that is defined by the Endpoint NAC Download Portal replacement message. There are different portals for Android, iOS, Mac, Windows, Quarantine, and “other” devices.

To modify the endpoint protection replacement messages

  1. Go to System > Replacement Messages and select Extended View.
  2. In the Endpoint Control section select the message that you want to edit.

The replacement message and its HTML code appear in a split screen in the lower half of the page.

  3. Modify the text as needed and select Save.

Monitoring endpoints

Go to Monitor > FortiClient Monitor to monitor endpoints.

The Monitor page allows the user to view FortiClient endpoint devices grouped by interface and then subgrouped by compliance status. Compliance status can be compliant, non-compliant, exempt, or quarantined.

| Status | Enforcement Enabled | Enforcement Disabled |
|---|---|---|
| Compliant | List only active FortiClient endpoints. | No devices listed. |
| Not-compliant | List devices not-compliant with FortiClient profile, so long as they are not exempt. | No devices listed. |
| Exempt* | List FortiClient endpoints exempt from FortiClient compliance. | List of all user devices except those quarantined by the administrator. |
| Quarantined | List devices quarantined by the administrator. | List devices quarantined by the administrator. |

* Includes device exempt reasons as any combination of device, device category/group, and source address.

You can see the reasons for non-compliance by right-clicking on an endpoint in the list.

 


About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

One thought on “FortiOS 6 – FortiClient Compliance Profiles”

  1. German Taboadela

    Hey! Great article. Do you know if this feature was removed in FortiOS 6.2.3? I’ve already enabled the Endpoint Control feature but the “FortiClient Compliance” menu is still missing… perhaps they moved that functionality to EMS completely? I just can’t find a way to log FortiClient data without EMS.
