Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
auzaman_FTNT
Staff
Staff

Created on ‎11-30-2016 04:10 AM

Article Id 190497

Configuring SSL VPN host check based on MD5 fingerprint

Description
This article shows how to perform a custom MD5 fingerprint check before allowing access to SSL VPN users.
Solution
The following configuration example adds a custom host check and enforces it in the "full-access" web portal. You can use a third-party utility to calculate MD5 fingerprint.

In below example we have calculated MD5 signature for application putty.exe located in program files folder.

config vpn ssl web host-check-software
edit MD5-test           
  config check-item-list
  edit 1                              
    set type file                   
    set target "%programfiles%\\putty\\putty.exe"
    set md5s "ba78410702f0cc8453da1afbb2a8b670"
  next
end
end


It is important to note that we need "\\" when defining the target path as shown above.

Now add this custom policy to SSL VPN portal using following commands:
 
config vpn ssl web portal
edit full-access
  set host-check custom
  set host-check-policy MD5-test
next
end

Labels:
3168
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.