Remote SSL VPN host check

shahary
2019/05/01 23:32:45

Hi,
I am running a FortiGate 501E with remote SSL VPN (OS version 5.6.8). I wanted to know if anyone has come across a problem with the host check configuration. I want to permit access to the LAN through SSL VPN only for computers with specific parameters, so I tried to configure os-check to allow only the win-10 OS, a registry check (for domain), and av-fw, but nothing works.
 
Some of the configuration:
set os-check enable
config os-check-list "windows-2000"
set action deny
config os-check-list "windows-xp"
set action deny
config os-check-list "windows-vista"
set action deny
config os-check-list "windows-7"
set action deny
config os-check-list "windows-8"
set action deny
config os-check-list "windows-8.1"
set action deny
config os-check-list "windows-10"
set host-check custom
set host-check-policy "corp.x.com" "WindowsFW-DomainProfile" "Trend-Micro-AV"
edit "corp.x.com"
set type fw
config check-item-list
edit 1
set type registry
set target "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters:Domain==corp.x.com"
next
end
config vpn ssl web host-check-software
edit "WindowsFW-DomainProfile"
set type fw
config check-item-list
edit 1
set type registry
set target "Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile:EnableFirewall=1"
next
end
 
I even tried the command:
set skip-check-for-unsupported-os disable
 
 
 
#1
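
A local sanity check for the two registry targets in the post above, as an added example that is not part of the original thread and not Fortinet's code: it parses each target string and compares it with the endpoint's registry, which helps separate a typo in a target from a gateway-side problem. The target grammar, the function names and the sample registry state are assumptions made for this example.

```python
import re

# Assumption: a registry check target is KEY_PATH:VALUE_NAME<op>DATA, inferred
# from the two target strings quoted in the post (not from FortiOS documentation).
TARGET_RE = re.compile(r'^(?P<key>.+):(?P<name>[^:=]+?)(?P<op>==|=)(?P<data>.*)$')

def parse_target(target):
    """Split a target string into hive, subkey, value name and expected data."""
    text = target.replace('\\\\', '\\')  # CLI-escaped "\\" becomes "\"
    m = TARGET_RE.match(text)
    if not m:
        raise ValueError(f'unrecognised target: {target!r}')
    key, notes = m.group('key'), []
    if key.lower().startswith('computer\\'):
        # regedit's address bar shows "Computer\" before the hive; it is not
        # part of a registry key path.
        key = key[len('computer\\'):]
        notes.append('leading "Computer\\" dropped')
    if m.group('op') == '=':
        notes.append('uses "=" where the other target in the post uses "=="')
    hive, _, subkey = key.partition('\\')
    return {'hive': hive, 'subkey': subkey, 'name': m.group('name'),
            'expected': m.group('data'), 'notes': notes}

def read_windows_registry(hive, subkey, name):
    """Read one value from the local registry (Windows only); None if absent."""
    try:
        import winreg
        with winreg.OpenKey(getattr(winreg, hive), subkey) as k:
            return winreg.QueryValueEx(k, name)[0]
    except (ImportError, OSError, AttributeError):
        return None

def check(target, read_value=read_windows_registry):
    """Return (matches, actual_value, notes) for one target on this endpoint."""
    t = parse_target(target)
    actual = read_value(t['hive'], t['subkey'], t['name'])
    return (actual is not None and str(actual) == t['expected'], actual, t['notes'])

# The two targets from the post, as typed in the CLI (raw strings keep the "\\").
DOMAIN = r"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters:Domain==corp.x.com"
FIREWALL = r"Computer\\HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile:EnableFirewall=1"

# Constructed endpoint state so the example also runs off Windows.
SAMPLE = {('HKEY_LOCAL_MACHINE', r'System\CurrentControlSet\Services\Tcpip\Parameters', 'Domain'): 'corp.x.com',
          ('HKEY_LOCAL_MACHINE', r'SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile', 'EnableFirewall'): 1}

if __name__ == '__main__':
    for target in (DOMAIN, FIREWALL):
        print(check(target, lambda h, s, n: SAMPLE.get((h, s, n))))
```

On a Windows endpoint, calling `check(DOMAIN)` without a second argument reads the live registry instead of the constructed sample.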

    emre8083
    Re: Remote SSL VPN host check 2019/10/22 04:21:43
    Hi, did you find a solution to this problem?
     
     
    #2
    rojekj
    Re: Remote SSL VPN host check 2019/11/12 05:43:13
    Same problem here. No matter what type of check I want to make, it does not work.
    I tried on FortiOS 5.6.11 and FortiClient 5.6.0 and 6.0.8.
     
    Is having FortiClient registered necessary? We are only using it as a VPN client, without license, without registration to FortiGate or EMS.
    #3
    rojekj
    Re: Remote SSL VPN host check 2019/11/14 03:01:30
    I finally figured out how to get this feature working. Simply.... Update to 6.0.6, as it doesn't work in 5.6.11 (and probably earlier 5.6 releases).
    Who would have thought that this might be a firmware bug? Why am I so surprised?! :D
    #4