bfig90
Explorer
October 30, 2024
Solved

Configuring a profile to allow or block endpoint from VPN tunnel connection based on the applied security posture tag


Dear,

Following the guide (https://docs.fortinet.com/document/forticlient/7.4.0/ems-administration-guide/701440/configuring-a-profile-to-allow-or-block-endpoint-from-vpn-tunnel-connection-based-on-the-applied-security-posture-tag) I'm trying to create rules in order to block, e.g., endpoints with critical vulnerabilities from connecting to the VPN.

But in my console I do not have the option shown in the link:

Link console: (screenshot)

My console: (screenshot)

Best answer by bfig90
I found it. In the new console version 7.4.0 the option is this one, after you have created the rule logic:

(screenshot)

1 reply

johnathan
Staff
October 30, 2024

That document references a 'security posture tag', which needs to be configured first before it is selected. You can make it by following this guide:
https://docs.fortinet.com/document/forticlient/7.4.0/ems-administration-guide/142/adding-a-security-posture-tagging-rule-set

Never trust a computer you can't throw out a window.
bfig90 (Author)
Explorer
October 30, 2024

I understand. I followed the link and I learned that I can create 2-3 or more rules in one. But I still cannot find how to apply this rule in order to say that if EndpointXY is not fulfilling these conditions, do not connect.

johnathan
Staff
October 30, 2024

I would rewrite the rule to only apply the tag to the client if they are meeting your requirements. You can then only allow the user to connect if that tag is there.
