DescriptionThis article shows how to perform a custom MD5 fingerprint check
before allowing access to SSL VPN users.
SolutionThe following configuration example adds a custom host check and
enforces it in the "full-access" web portal. You can use a
third-party utility to calculate MD5 fingerprint.
In below example we have calculated MD5 signature for application
putty.exe located in program files folder.
config vpn ssl web host-check-software
edit
MD5-test
config check-item-list
edit
1
set type
file
set target "%programfiles%\\putty\\putty.exe"
set md5s "ba78410702f0cc8453da1afbb2a8b670"
next
endend
It is important to note that we need "\\" when defining the target
path as shown above.
Now add this custom policy to SSL VPN portal using following
commands:
config vpn ssl web portal
edit full-access
set host-check custom
set host-check-policy MD5-test
next
end