Description
This article describes how to configure SSL VPN OS check for Windows 10 clients with specific Windows build number.
Solution
FortiGate with the bellow configuration accepts all FortiClient SSL VPN connections from Windows 10 build 18362 and newer.
Connection attempts from other operating systems will be denied.
- To specify the acceptable patch level, set the latest-patch-level and the tolerance. The lowest acceptable patch level is the latest-patch-level minus tolerance. In this case, the latest-patch-level is 18363, and tolerance is 1, so build 18362 is the lowest acceptable patch level.
- When skip-check-for-unsupported-os is set to disable as in above example, unsupported operating systems such as Android or iOS will not be allowed to connect.
- For Windows 10 and Windows 8, the build number is the patch level.
- Windows 10 clients with older build number than 18362 will be presented with a warning message similar to the one bellow and their access will be denied.
This article describes how to configure SSL VPN OS check for Windows 10 clients with specific Windows build number.
Solution
# config vpn ssl web portalConfiguration example.
edit <portal_name>
set os-check enable
set skip-check-for-unsupported-os <enable | disable>
# config os-check-list { macos-bigsur-11 | macos-catalina-10.15 | macos-high-sierra-10.13 | macos-mojave-10.14 |
macos-sierra-10.12 | os-x-el-capitan-10.11 | os-x-mavericks-10.9 | os-x-yosemite-10.10 |
windows-7 | windows-8 | windows-8.1 | windows-10 | windows-2000 }
set action check-up-to-date
set tolerance <0~65535>
set latest-patch-level <disable/0~65535>
end
next
end
FortiGate with the bellow configuration accepts all FortiClient SSL VPN connections from Windows 10 build 18362 and newer.
Connection attempts from other operating systems will be denied.
# config vpn ssl web portalNotes:
edit full-access
set os-check enable
set skip-check-for-unsupported-os disable
# config os-check-list windows-10
set action check-up-to-date
set tolerance 1
set latest-patch-level 18363
end
next
end
- To specify the acceptable patch level, set the latest-patch-level and the tolerance. The lowest acceptable patch level is the latest-patch-level minus tolerance. In this case, the latest-patch-level is 18363, and tolerance is 1, so build 18362 is the lowest acceptable patch level.
- When skip-check-for-unsupported-os is set to disable as in above example, unsupported operating systems such as Android or iOS will not be allowed to connect.
- For Windows 10 and Windows 8, the build number is the patch level.
- Windows 10 clients with older build number than 18362 will be presented with a warning message similar to the one bellow and their access will be denied.
