BruceLiu
Visitor III
January 2, 2025
Solved

[Fortigate] Support of Security Posture Check via Free SSL VPN

Dear Team,

 

I would like to understand the SSL VPN connectivity features of the latest version of Fortigate combined with FortiClient. In scenarios without EMS integration, is security posture checking still supported?

As shown in the figure below:

[Figure: forticlient.png]

Bruce Liu

 

 
 
2 replies

kaman
Staff
Answer
January 3, 2025

Hi BruceLiu,

Security posture checking is supported in the latest version of FortiGate combined with FortiClient for SSL VPN connectivity. You can configure host checking rules on the FortiGate to allow or deny access to the SSL VPN based on specific requirements. FortiClient will receive these host-checking rules from the FortiGate during the initial connection stage and assess if it complies with the rules before establishing the VPN connection.

Please refer to the documentation for more details on configuring OS and host check for SSL VPN connections:

- FortiGate-powered host check for free VPN client 7.0.3: [Link](https://docs.fortinet.com/document/forticlient/7.0.0/new-features/651315/fortigate-powered-host-check)
- Configuring OS and host check: [Link](https://docs.fortinet.com/document/fortigate/latest/administration-guide/32970/configuring-os-and-host-check)

BruceLiu
Author
Visitor III
January 10, 2025

Dear Kaman,

I would like to further confirm, if I set "set host-check custom", does it mean that "host-check av-fw" becomes invalid? I am wondering if it is possible to satisfy both "host-check av-fw" and custom configurations at the same time. I feel that defining the conditions to meet "host-check av-fw" in "config vpn ssl web host-check-software" is not an easy task, right?

If you have any good suggestions regarding the above, please share them with me. Thank you.


Bruce Liu
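
The two portal settings named in the post above, sketched as an added example that is not from the thread or from Fortinet's documentation. The portal names, the `corp-agent` entry and the `corp-agent.exe` process are hypothetical placeholders; `host-check` accepts a single value per portal, so the built-in and custom modes are shown on separate portals.

```fortios
# Added example (constructed). "portal-builtin", "portal-custom",
# "corp-agent" and "corp-agent.exe" are hypothetical names.

# Custom check definition: the client must have this process running.
config vpn ssl web host-check-software
    edit "corp-agent"
        set os-type windows
        config check-item-list
            edit 1
                set type process
                set target "corp-agent.exe"
                set action require
            next
        end
    next
end

# Portal A: built-in check for antivirus and firewall software.
config vpn ssl web portal
    edit "portal-builtin"
        set host-check av-fw
    next
end

# Portal B: custom check that references the definition above.
config vpn ssl web portal
    edit "portal-custom"
        set host-check custom
        set host-check-policy "corp-agent"
    next
end
```

The `#` lines are annotations for the reader; strip them before pasting into the CLI.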

 
BruceLiu
Author
Visitor III
January 8, 2025

Dear Kaman,

That sounds great.

I happen to have a Fortigate 60E on hand, and I will try using it.

If I encounter any issues, I will consult you.

Regards,

Bruce Liu