Skip to main content
TBC
TBC
Explorer
June 22, 2022
Solved

SSL-VPN Host-Check fpr Win-Server

  • June 22, 2022
  • 4 replies
  • 3225 views

Hello,

is there a chance to add a Host-Check for Win-Server to block them for VPN Connection?

 

Many thanks

TBC

Best answer by kcheng

Hi @TBC 

 

Please issue the following command and retry to connect with Linux host once again:

config vpn ssl web portal
edit "portal name"
set skip-check-for-unsupported-os disable
end

 

This is to configure FortiGate in a way that OS check is mandatory, and do not skip OS version that FortiGate is unable to identify:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-FortiClient-SSL-VPN-check-for/ta-p/193932

 

4 replies

ssudhakar
Staff
ssudhakar
Staff
June 22, 2022

Hi there:

 

Can you please try the following? Is this what you are looking for?

 

https://community.fortinet.com/t5/FortiClient/Technical-Tip-FortiClient-Host-Checker-Support-for-Windows/ta-p/192227

 

Thank you,

Hope.

    kcheng
    Staff & Editor
    kcheng
    Staff & Editor
    June 23, 2022

    Hi @TBC 

     

    If you are connecting to SSLVPN on FortiGate, you can restrict the specific OS version to connect. You may refer to the following guide:

    https://docs.fortinet.com/document/fortigate/7.2.0/administration-guide/32970/configuring-os-and-host-check

     

    Once you turn on the feature of OS check, technically all windows server would not be able to connect. That is because the Windows Server OS version do not match those in the list.

      TBC
      TBCAuthor
      Explorer
      June 23, 2022

      Thank you both so much! Both info have helped me further!
      What surprises me a little is that when HostCheck is active, Linux systems can use the VPN client.
      Is there also a corresponding possibility for Linux?

       

      Many thanks

      TBC

      kcheng
      Staff & Editor
      kchengAnswer
      Staff & Editor
      June 23, 2022

      Hi @TBC 

       

      Please issue the following command and retry to connect with Linux host once again:

      config vpn ssl web portal
      edit "portal name"
      set skip-check-for-unsupported-os disable
      end

       

      This is to configure FortiGate in a way that OS check is mandatory, and do not skip OS version that FortiGate is unable to identify:

      https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-FortiClient-SSL-VPN-check-for/ta-p/193932

       

        TBC
        TBCAuthor
        Explorer
        June 23, 2022

        Hello Cheng,

        perfect, that's exactly that what I looking for!!

         

        Many many thanks!

        Cheers TBC

        Terms & ConditionsAccessibility statement