FortiGate
Last updated June 02, 2026
Learn how FortiOS 8.0 enhances IPsec VPN endpoint compliance by enabling continuous endpoint tag verification, even when EMS is unavailable.
In this video, we demonstrate how FortiClient sends endpoint tags to FortiOS as JSON Web Tokens (JWTs), allowing FortiOS to validate endpoint compliance directly. FortiOS continues to retrieve the latest endpoint tags from EMS when available, while maintaining the ability to validate compliance using tags received from FortiClient during EMS outages or periods of unresponsiveness.
This enhancement helps maintain security posture, reduces dependency on EMS availability, and prevents unnecessary VPN connection failures caused by temporary EMS connectivity issues.
Topics covered:
• EMS tag checks for IPsec VPN Phase 2
• JSON Web Token (JWT) endpoint tag validation
• FortiClient endpoint tag transmission
• EMS outage and fallback validation behavior
• Security posture verification
• VPN tunnel continuity during EMS disruptions
• FortiOS 8.0 enhancements
In this video, we demonstrate how FortiClient sends endpoint tags to FortiOS as JSON Web Tokens (JWTs), allowing FortiOS to validate endpoint compliance directly. FortiOS continues to retrieve the latest endpoint tags from EMS when available, while maintaining the ability to validate compliance using tags received from FortiClient during EMS outages or periods of unresponsiveness.
This enhancement helps maintain security posture, reduces dependency on EMS availability, and prevents unnecessary VPN connection failures caused by temporary EMS connectivity issues.
Topics covered:
• EMS tag checks for IPsec VPN Phase 2
• JSON Web Token (JWT) endpoint tag validation
• FortiClient endpoint tag transmission
• EMS outage and fallback validation behavior
• Security posture verification
• VPN tunnel continuity during EMS disruptions
• FortiOS 8.0 enhancements
More Videos
