This article describes how to create a group for mapping specific end devices to a FortiSASE EndPoint Profile.
Scope
FortiSASE.
Solution
The FortiSASE endpoint profile can be used to configure different VPN profiles for different users. Each Endpoint Profile can be mapped to specific endpoints added to different groups.
For this, go to Configuration > EndPoint > Profiles, select ‘Create’ and a new End Point profile will be created. Give it a name and select VPNs to push to the end users of this profile.
Go to Groups & AD Users and select ‘Add‘
It will give you two options:
- AD Users
- Groups.
If the endpoints are part of the Active Directory Domain, it is possible to use the AD User option to specify the AD groups and link the endpoints which are part of the group.
To add a domain to FortiSASE, check this article:
Domains
If the endpoint is not part of a domain, select the ‘Groups’ option:
Select ‘Non-AD Groups’ and select ‘Create sub-group’
Give a name to the Subgroup. Select the Endpoints to add to this group and select ‘Add selected’ After that, make sure that all the groups to push to this profile are selected by toggling the option next to them as shown below:
Select ‘Ok’. The groups are as shown below:
Select ‘Ok’ to save the changes.