Created on 06-01-2020 07:11 AM Edited on 11-15-2024 05:10 AM By Jean-Philippe_P
Description
This article describes how to monitor host check definitions periodically when an SSL VPN is connected.
Scope
FortiGate.
Solution
For security reasons, a host check policy can be configured in the SSL VPN web portal that the client must pass before an SSL VPN connection is allowed.
The same host check policy can also be monitored throughout the SSL VPN connection using the 'host-check-interval' option; if the host check policy fails during the connection, the FortiGate terminates the SSL VPN session.
For example:
FortiGate allows the SSL VPN connection only from a client PC on which the cmd.exe process is running.
Set 'host-check-interval' so that FortiGate periodically verifies that the 'cmd.exe' application is still running as a process on the client PC.
If 'cmd.exe' is closed by the user, the VPN also gets disconnected.
config vpn ssl web host-check-software
(host-check-software) # edit check_process
(check_process) # config check-item-list
(check-item-list) # edit 1
(1) # set type process
(1) # set target cmd.exe          <----- The process named in the example above; the item passes only while cmd.exe is running on the client.
(1) # end
(check_process) # end
config vpn ssl web portal
(portal) # edit full-access
(full-access) # set host-check custom
(full-access) # set host-check-policy check_process
(full-access) # set host-check-interval 120 <----- Value can be set from <120> to <259200> seconds.
(full-access) # end
In the SSL VPN debug output, the host check result is visible when the SSL VPN connects:
[3144:root:4]req: /remote/hostcheck_validate
[3144:root:4]deconstruct_session_id:399 decode session id ok, user=[sslvpn1],group=[],authserver=[],portal=[full-access],host=[10.5.22.116],realm=[],idx=0,auth=1,sid=4623da2c,login=1590166655,access=1590166655,saml_logout_url=no
[3144:root:4]User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) [SV{v=01.01;}]
[3144:root:4]deconstruct_session_id:399 decode session id ok, user=[sslvpn1],group=[],authserver=[],portal=[full-access],host=[10.5.22.116],realm=[],idx=0,auth=1,sid=4623da2c,login=1590166655,access=1590166655,saml_logout_url=no
[3144:root:4]host check result:4 0100,6.1.1,xx:xx:xx:xx:xx:xx|xx:xx:xx:xx:xx:xx
Every 120 seconds, a periodic host check is triggered and the FortiGate obtains the host check information from FortiClient:
[3144:root:6]req: /remote/hostcheck_periodic?hostcheck=010
[3144:root:6]deconstruct_session_id:399 decode session id ok, user=[sslvpn1],group=[],authserver=[],portal=[full-access],host=[10.5.22.116],realm=[],idx=0,auth=1,sid=4623da2c,login=1590166655,access=1590166655,saml_logout_url=no
[3144:root:6]host check result:4 0100,6.1.1,xx:xx:xx:xx:xx:xx|xx:xx:xx:xx:xx:xx|xx:xx:xx:xx:xx:xx
If the process is killed on the client PC, the host check fails at the next periodic host check and the session is removed:
[3144:root:9]req: /remote/hostcheck_periodic?hostcheck=000
[3144:root:9]deconstruct_session_id:399 decode session id ok, user=[sslvpn1],group=[],authserver=[],portal=[full-access],host=[10.5.22.116],realm=[],idx=0,auth=1,sid=4623da2c,login=1590166655,access=1590166655,saml_logout_url=no
[3144:root:9]host check result:4 0000,6.1.1,xx:xx:xx:xx:xx:xx|xx:xx:xx:xx:xx:xx|xx:xx:xx:xx:xx:xx
[3144:root:9]User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) [SV{v=01.01;}]
[3144:root:9]deconstruct_session_id:399 decode session id ok, user=[sslvpn1],group=[],authserver=[],portal=[full-access],host=[10.5.22.116],realm=[],idx=0,auth=1,sid=4623da2c,login=1590166655,access=1590166655,saml_logout_url=no
[3144:root:9]periodic host checked failed
[3144:root:9]session removed s: 0x7f1584487000 (root)
[3144:root:9]deconstruct_session_id:399 decode session id ok, user=[sslvpn1],group=[],authserver=[],portal=[full-access],host=[10.5.22.116],realm=[],idx=0,auth=1,sid=4623da2c,login=1590166655,access=1590166655,saml_logout_url=no
[3144:root:0]sslvpn_internal_remove_one_web_session:2807 web session (root:sslvpn1::10.5.22.116:0 1) removed for Client did something to cause the failure
[3144:root:5]rmt_check_conn_session:2088 delete connection 0x7f1584488900 w/ web session 0
[3144:root:5]Destroy sconn 0x7f1584488900, connSize=1. (root)
[3144:root:5]sslvpn_release_apsession:1628 free app session, idx[0]
[3144:root:5]tunnelStateCleanup:764 0x7f1584488900::0x7f1584704000
[3144:root:0]ipcp: down ppp:0x7f158474f000 caller:0x7f1584488900 tun:39
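The debug output above is what an operator has to read by hand to see whether a session was dropped by a periodic host check. The following parser is an added example, not code from the article or from Fortinet: it groups the debug lines by their bracketed prefix, extracts the user, portal, client address and host check result for each hostcheck request, and flags the periodic checks that failed and ended with the session being removed, which is the event a SOC would want to alert on. The sample input is constructed from the lines quoted above, and the parser assumes (this is not documented on the page) that the third field of the "[pid:vdom:n]" prefix ties together the lines belonging to one request.

```python
"""Parse FortiGate SSL VPN debug output for host check events.

Added example, not from the article or from Fortinet. Assumption: the third
field of the "[pid:vdom:n]" line prefix identifies one request to the SSL VPN
daemon, so lines sharing it are grouped into one event.
"""
import re

# Constructed sample modelled on the debug lines quoted in the article
# (client address and MAC addresses are already anonymised there).
SAMPLE_DEBUG = """\
[3144:root:4]req: /remote/hostcheck_validate
[3144:root:4]deconstruct_session_id:399 decode session id ok, user=[sslvpn1],group=[],authserver=[],portal=[full-access],host=[10.5.22.116],realm=[],idx=0,auth=1,sid=4623da2c,login=1590166655,access=1590166655,saml_logout_url=no
[3144:root:4]host check result:4 0100,6.1.1,xx:xx:xx:xx:xx:xx|xx:xx:xx:xx:xx:xx
[3144:root:6]req: /remote/hostcheck_periodic?hostcheck=010
[3144:root:6]deconstruct_session_id:399 decode session id ok, user=[sslvpn1],group=[],authserver=[],portal=[full-access],host=[10.5.22.116],realm=[],idx=0,auth=1,sid=4623da2c,login=1590166655,access=1590166655,saml_logout_url=no
[3144:root:6]host check result:4 0100,6.1.1,xx:xx:xx:xx:xx:xx|xx:xx:xx:xx:xx:xx|xx:xx:xx:xx:xx:xx
[3144:root:9]req: /remote/hostcheck_periodic?hostcheck=000
[3144:root:9]deconstruct_session_id:399 decode session id ok, user=[sslvpn1],group=[],authserver=[],portal=[full-access],host=[10.5.22.116],realm=[],idx=0,auth=1,sid=4623da2c,login=1590166655,access=1590166655,saml_logout_url=no
[3144:root:9]host check result:4 0000,6.1.1,xx:xx:xx:xx:xx:xx|xx:xx:xx:xx:xx:xx|xx:xx:xx:xx:xx:xx
[3144:root:9]periodic host checked failed
[3144:root:9]session removed s: 0x7f1584487000 (root)
"""

# "[3144:root:4]" -> pid, vdom, request index, rest of line
PREFIX = re.compile(r"^\[(\d+):([^:\]]+):(\d+)\](.*)$")
# Initial validation vs. periodic re-check; the periodic form carries a hostcheck= parameter
REQ = re.compile(r"^req: /remote/hostcheck_(validate|periodic)(?:\?hostcheck=(\d+))?")
# Fields of interest in the deconstruct_session_id line
SESSION = re.compile(r"user=\[([^\]]*)\].*?portal=\[([^\]]*)\].*?host=\[([^\]]*)\].*?sid=(\w+)")
# "host check result:4 0100,6.1.1,..." -> result code and FortiClient version
RESULT = re.compile(r"^host check result:\d+ (\d+),([\d.]+),")
FAIL_MARKER = "periodic host checked failed"
REMOVED_MARKER = "session removed"


def parse_hostcheck_events(debug_text):
    """Return one dict per hostcheck request, in order of first appearance."""
    events, order = {}, []
    for raw in debug_text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        key, body = m.group(1, 2, 3), m.group(4)
        req = REQ.match(body)
        if req:
            if key not in events:
                order.append(key)
            events[key] = {
                "kind": req.group(1), "hostcheck_param": req.group(2),
                "user": None, "portal": None, "host": None, "sid": None,
                "result": None, "client_version": None,
                "failed": False, "session_removed": False,
            }
            continue
        ev = events.get(key)
        if ev is None:  # lines of requests that are not host checks are ignored
            continue
        s = SESSION.search(body)
        if s:
            ev["user"], ev["portal"], ev["host"], ev["sid"] = s.groups()
            continue
        r = RESULT.match(body)
        if r:
            ev["result"], ev["client_version"] = r.group(1), r.group(2)
            continue
        if body.startswith(FAIL_MARKER):
            ev["failed"] = True
        elif body.startswith(REMOVED_MARKER):
            ev["session_removed"] = True
    return [events[k] for k in order]


def failed_periodic_checks(events):
    """The periodic checks the FortiGate rejected: the events worth alerting on."""
    return [e for e in events if e["kind"] == "periodic" and e["failed"]]


def describe(event):
    """One-line summary suitable for an alert or a ticket."""
    outcome = "FAILED" if event["failed"] else "passed"
    tail = ", session removed" if event["session_removed"] else ""
    return (f"{event['kind']} host check {outcome} for user {event['user']} "
            f"from {event['host']} (portal {event['portal']}, result {event['result']}{tail})")


if __name__ == "__main__":
    for ev in parse_hostcheck_events(SAMPLE_DEBUG):
        print(describe(ev))
```

Run against a capture of the SSL VPN debug, the script prints one line per host check; the third line of the sample reports the failed periodic check together with the removed session, which is the evidence that the disconnect was caused by the host check policy rather than by a network problem.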
Note: a host-check-interval of 0 means that periodic checking is disabled and the host check happens only when the endpoint connects to the VPN.
The value cannot be set to 0 manually; to disable periodic checking, use 'unset host-check-interval'.
Copyright 2025 Fortinet, Inc. All Rights Reserved.