Enabling Endpoint Protection in security policies
Endpoint Protection is applied to any traffic where the controlling firewall policy has Endpoint Security enabled. The device group to which the device belongs determines which FortiClient profile is applied. The policy searches the list of FortiClient profiles starting from the top and applies the first profile assigned to the device group.
To enable Endpoint Protection - web-based manager
1. Go to Policy & Objects > Policy > IPv4 and edit the security policy where you want to enable Endpoint Protection.
The policy must specify at least one Source Device Type.
2. Select Compliant with FortiClient profile.
3. Select OK.
To configure the firewall policy - CLI
In this example, the LAN connects to Port 2 and the Internet is connected to Port 1. A FortiClient profile is applied.
config firewall policy
    edit 0
        set srcintf port2
        set dstintf port1
        set srcaddr LANusers
        set dstaddr all
        set devices employee\ laptop
        set schedule always
        set service ALL
        set devices all
        set action accept
        set nat enable
        set endpoint-compliance enable
end
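
An added example, not part of the original handbook or Fortinet's tooling: a Python check over a saved policy configuration that flags entries where endpoint-compliance is enabled without a source device type, accept policies that do not enforce it, and options set more than once. The sample configuration, its policy IDs and the function name `audit_policies` are constructed for illustration, and the parser assumes flat policy entries in the CLI syntax shown above.

```python
import shlex

# Constructed sample in the page's CLI syntax; policy IDs and names are invented.
SAMPLE = r"""
config firewall policy
    edit 5
        set devices employee\ laptop
        set devices all
        set action accept
        set endpoint-compliance enable
    next
    edit 7
        set endpoint-compliance enable
    next
    edit 9
        set devices "windows-pc"
        set action accept
end
"""

def audit_policies(text):
    """Return {policy_id: [findings]} for the 'config firewall policy' section."""
    findings, in_section, pid, opts, dupes = {}, False, None, {}, []
    def close():  # record findings for the policy entry being left
        notes = [f"'{k}' set twice" for k in dupes]
        enabled = opts.get("endpoint-compliance") == ["enable"]
        if enabled and not opts.get("devices"):
            notes.append("endpoint-compliance without a source device type")
        if not enabled and opts.get("action") == ["accept"]:
            notes.append("accept policy without endpoint-compliance")
        findings[pid] = notes
    for line in text.splitlines():
        tok = shlex.split(line)  # handles "quoted" and backslash-escaped names
        if tok[:3] == ["config", "firewall", "policy"]:
            in_section = True
        elif not tok or not in_section:
            continue
        elif tok[0] == "edit":
            pid, opts, dupes = tok[1], {}, []
        elif tok[0] == "set" and pid is not None:
            if tok[1] in opts:
                dupes.append(tok[1])
            opts[tok[1]] = tok[2:]  # assumption: a repeated 'set' replaces the value
        elif tok[0] in ("next", "end"):
            if pid is not None:
                close()
            pid, in_section = None, tok[0] != "end"  # 'end' also leaves the section
    return findings
print(audit_policies(SAMPLE))
```

An empty list for a policy ID means none of the three checks fired for that entry.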