Created on 06-01-2020 07:02 AM Edited on 11-28-2021 09:16 PM By Anonymous
Description
This article describes the conditions under which a client passes the host check list defined in host-check-software and the host-check-policy defined in the web portal.
Solution
The check-item-list defined in a host-check-software entry works as an AND condition, whereas the host-check-policy defined in the web portal works as an OR condition across the entries it lists.
Scenario 1.
Two check-item-list entries have been defined in one host check definition.
config vpn ssl web host-check-software
    edit hostcheck_condition1
        config check-item-list
            edit 1
                set type file
                set target C:\Program Files\Fortinet\FortiClient\FortiClient.exe
            next
            edit 2
                set type process
                set target FortiClient.exe
            next
        end
    next
end
When hostcheck_condition1 is referenced in the host-check-policy as below, PCs that are running the FortiClient.exe process and have the file FortiClient.exe at the specified file location will be able to connect to the VPN.
If either of these check-item-list entries fails, the SSL VPN will not connect.
config vpn ssl web portal
    edit full-access
        set host-check custom
        set host-check-policy hostcheck_condition1
    next
end
Scenario 2.
Two host check definitions have been defined as below.
config vpn ssl web host-check-software
    edit hostcheck_condition1
        config check-item-list
            edit 1
                set type file
                set target C:\Program Files\Fortinet\FortiClient\FortiClient.exe
            next
            edit 2
                set type process
                set target cmd.exe
            next
        end
    next
    edit hostcheck_condition2
        config check-item-list
            edit 1
                set type registry
                set target HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FortiClient
            next
        end
    next
end
If both hostcheck_condition1 and hostcheck_condition2 are listed in the host-check-policy, the client can connect to the SSL VPN if it passes either one of the host check definitions, or both.
config vpn ssl web portal
    edit full-access
        set host-check custom
        set host-check-policy hostcheck_condition1 hostcheck_condition2
    next
end
A client PC that passes all of the check-item-list entries defined in hostcheck_condition1, or all of those defined in hostcheck_condition2, will be able to connect to the VPN.
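The rules from both scenarios, modelled as an added example (this is not FortiOS or Fortinet code). It parses the Scenario 2 definitions and evaluates them against a constructed host; the function names and the host-facts dictionary are assumptions made for illustration.

```python
# Added example, not FortiOS code: Scenario 2 definitions as CLI text.
CFG = r"""config vpn ssl web host-check-software
  edit hostcheck_condition1
    config check-item-list
      edit 1
        set type file
        set target C:\Program Files\Fortinet\FortiClient\FortiClient.exe
      next
      edit 2
        set type process
        set target cmd.exe
      next
    end
  next
  edit hostcheck_condition2
    config check-item-list
      edit 1
        set type registry
        set target HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FortiClient
      next
    end
  next
end"""

def parse_host_checks(text):
    """Return {definition name: [(type, target), ...]} from the CLI text."""
    defs, name, item, depth = {}, None, {}, 0
    for tok in (l.split(None, 2) for l in map(str.strip, text.splitlines()) if l):
        if tok[0] in ("config", "end"):
            depth += 1 if tok[0] == "config" else -1
        elif tok[0] == "edit" and depth == 1:   # a host-check-software entry
            name, defs[tok[1]] = tok[1], []
        elif tok[0] == "set" and depth == 2:    # a field of one check item
            item[tok[1]] = tok[2]
        elif tok[0] == "next" and depth == 2:   # check item complete
            defs[name].append((item.pop("type"), item.pop("target")))
    return defs

def definition_passes(items, host):
    # AND: every check item inside one definition must match the host
    return all(target in host.get(kind, ()) for kind, target in items)

def portal_allows(policy, defs, host):
    # OR: passing any one definition listed in host-check-policy is enough
    return any(definition_passes(defs[name], host) for name in policy)

# Constructed host facts: only the FortiClient registry key is present.
DEFS = parse_host_checks(CFG)
HOST = {"registry": {r"HKEY_LOCAL_MACHINE\SOFTWARE\Fortinet\FortiClient"}}
print(portal_allows(["hostcheck_condition1", "hostcheck_condition2"], DEFS, HOST))
```

The constructed host fails hostcheck_condition1 but is still allowed once hostcheck_condition2 is also listed, because the registry key alone satisfies that definition. Each definition added to host-check-policy therefore needs to be acceptable as the only check a client passes.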