Chapter 14 Managing Devices for FortiOS 5.0 : Endpoint Protection : Enabling Endpoint Protection in security policies
  
Enabling Endpoint Protection in security policies
Endpoint Protection is applied to any traffic accepted by a device identity firewall policy whose authentication rule has Compliant with FortiClient profile enabled (endpoint-compliance in the CLI). The device group to which the device belongs determines which FortiClient profile is applied: FortiOS searches the list of FortiClient profiles from the top and applies the first profile that is assigned to the device's device group, so the order of the profile list matters when a device group appears in more than one profile.
To enable Endpoint Protection - web-based manager
1. Go to Policy > Policy > Policy and edit the device identity firewall policy where you want to enable Endpoint Protection.
2. Create or edit an authentication rule.
3. Select Compliant with FortiClient profile.
4. Select OK.
To configure the firewall policy - CLI
In this example, the LAN connects to port2 and the Internet is connected to port1. The authentication rule applies to all devices and requires compliance with a FortiClient profile.
config firewall policy
    edit 0
        set srcintf port2
        set dstintf port1
        set srcaddr LANusers
        set dstaddr all
        set action accept
        set identity-based enable
        set identity-from device
        set nat enable
        config identity-based-policy
            edit 1
                set schedule always
                set service ALL
                set devices all
                set endpoint-compliance enable
            end
    end
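A practical check after configuring policies this way is to confirm that every device identity policy actually carries endpoint-compliance on each of its rules; a rule that omits it passes traffic without any FortiClient profile being applied. The following Python script is an added example, not part of the FortiOS handbook or a Fortinet tool. It parses the config/edit/set/next/end structure that show firewall policy prints and reports, per rule, whether endpoint-compliance is enabled. The sample configuration is constructed for the example (the LANusers address comes from this page; Guests and windows-pc are made up), and the script assumes, as show output does, that an option at its default value (endpoint-compliance disabled) is simply omitted from the dump.

```python
"""Audit a FortiOS 5.0 config dump ('show firewall policy' output) for device
identity policies whose identity-based rules lack 'set endpoint-compliance
enable'. The dump omits options at their defaults, so absence means disabled."""
import shlex

# Constructed sample, not a real FortiGate dump. Policy 1 mirrors the page's
# CLI example; policy 2 is a device identity policy that omits the check.
SAMPLE_CONFIG = """\
config firewall policy
    edit 1
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "LANusers"
        set dstaddr "all"
        set action accept
        set identity-based enable
        set identity-from device
        config identity-based-policy
            edit 1
                set schedule "always"
                set service "ALL"
                set devices "all"
                set endpoint-compliance enable
            next
        end
    next
    edit 2
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "Guests"
        set dstaddr "all"
        set action accept
        set identity-based enable
        set identity-from device
        config identity-based-policy
            edit 1
                set schedule "always"
                set service "HTTP" "HTTPS"
                set devices "windows-pc"
            next
        end
    next
end
"""


def parse_fortios(text):
    """Parse config/edit/set/next/end blocks into
    {table: {entry id: {"set": {option: [values]}, "tables": {...}}}}.
    An entry may be closed by 'next' or directly by its table's 'end'."""
    root = {"set": {}, "tables": {}}
    entries = [root]   # open entries; root stands in for the top level
    tables = []        # open tables, innermost last
    for raw in filter(str.strip, text.splitlines()):
        words = shlex.split(raw)   # honours the CLI's double-quoted values
        kw = words[0]
        if kw == "config":
            table = {}
            entries[-1]["tables"][" ".join(words[1:])] = table
            tables.append(table)
        elif kw == "edit":
            entry = {"set": {}, "tables": {}}
            tables[-1][words[1]] = entry
            entries.append(entry)
        elif kw == "set":
            entries[-1]["set"][words[1]] = words[2:]
        elif kw == "next":
            entries.pop()
        elif kw == "end":
            tables.pop()
            if len(entries) > len(tables) + 1:
                entries.pop()   # a bare 'end' also closes the open entry
        else:
            raise ValueError("unexpected line: " + raw)
    if tables or len(entries) != 1:
        raise ValueError("unbalanced config/end or edit/next")
    return root["tables"]


def audit_endpoint_compliance(config):
    """Return [(policy id, rule id, enforced)] for every rule of every device
    identity policy. A device identity policy with no rules is reported once
    with rule id None: nothing in it can apply a FortiClient profile."""
    findings = []
    for pid, policy in config.get("firewall policy", {}).items():
        opts = policy["set"]
        if opts.get("identity-based") != ["enable"] or opts.get("identity-from") != ["device"]:
            continue   # not a device identity policy; Endpoint Protection does not apply
        rules = policy["tables"].get("identity-based-policy", {})
        if not rules:
            findings.append((pid, None, False))
        for rid, rule in rules.items():
            findings.append((pid, rid, rule["set"].get("endpoint-compliance") == ["enable"]))
    return findings


if __name__ == "__main__":
    for pid, rid, ok in audit_endpoint_compliance(parse_fortios(SAMPLE_CONFIG)):
        print(f"policy {pid} rule {rid}: endpoint-compliance {'enabled' if ok else 'MISSING'}")
```

Run it against a saved dump by replacing SAMPLE_CONFIG with the file contents. The parser accepts both the next/end closing the web-based manager emits and the bare end/end closing used in the CLI example above, so output copied from either source audits the same way.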