Technical Note: SSL VPN blocking users running specific OS versions
Description
This article explains how to deny SSL VPN access to users running certain legacy operating systems such as Windows 2000 or XP.
Scope
FortiGate.
Solution
- In the GUI, go to VPN -> SSL-VPN Portal and open the fullaccess, webaccess or tunnel access portal.
- An option called 'Restrict to Specific OS Versions' will be visible.
- Enable it to deny connections from specific OS versions.

From the CLI issue the following commands:
config vpn ssl web portal
    edit <portal-name>
        set os-check enable <----- Enables os-check.
        config os-check-list windows-2000
            set action deny
        end
        set skip-check-for-unsupported-os disable <----- Change default value to disable.
    next
end
The 'os-check-list' may contain multiple Windows versions.
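
An offline check for the settings above, added here as an example and not Fortinet's code: it reads a configuration backup and lists the SSL VPN portals where os-check is off or where unsupported operating systems skip the check. The backup text is a constructed sample; the function names, and treating os-check as off when its line is absent, are assumptions.

```python
# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config vpn ssl web portal
    edit "full-access"
        set os-check enable
        config os-check-list windows-2000
            set action deny
        end
        set skip-check-for-unsupported-os disable
    next
    edit "web-access"
    next
end
"""

def audit_portals(config_text):
    """Map each portal name to its os-check settings and the OS versions it denies."""
    portals, portal, os_name, in_section, depth = {}, None, None, False, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line == "config vpn ssl web portal"
        elif portal is None:
            if line.startswith("edit "):
                portal = line[5:].strip('"')
                # Assumed defaults when a line is absent: os-check off, and
                # skip-check-for-unsupported-os enabled (the article's stated default).
                portals[portal] = {"os_check": False, "skip_unsupported": True, "denied": []}
            elif line == "end":
                in_section = False
        elif line.startswith("config "):
            depth += 1
            os_name = line.split()[2] if line.startswith("config os-check-list ") else None
        elif line == "end":
            depth, os_name = depth - 1, None
        elif depth == 0 and line == "next":
            portal = None
        elif depth == 0 and line == "set os-check enable":
            portals[portal]["os_check"] = True
        elif depth == 0 and line == "set skip-check-for-unsupported-os disable":
            portals[portal]["skip_unsupported"] = False
        elif os_name and line == "set action deny":
            portals[portal]["denied"].append(os_name)
    return portals

def weak_portals(config_text):
    """Portals where the OS check is off or unsupported OSes bypass it."""
    return sorted(n for n, p in audit_portals(config_text).items()
                  if not p["os_check"] or p["skip_unsupported"])
```

Calling weak_portals() on a real backup's text gives the portals that still need the steps above.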