FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes that is only possible to allow SSL VPN connection when a specific third-party antivirus is installed.
The below config does not work:
config vpn ssl web portal edit full-access set host-check av
end
Scope
FortiatGe v7.0 or later.
Solution
FortiGate SSL VPN Option 'host-check av' only checks 'Antivirus software recognized by Windows Security Center'.
To check a third-party antivirus, add it to SSL VPN web host-check-software.
For example:
config VPN SSL web host-check-software edit third-party-av set os-type windows set type av config check-item-list edit 1 set target "C:\\Program Files\\xxxxx\\thir-party_av.exe" next end
config vpn ssl web portal edit full-access set host-check custom <----- Set to custom, otherwise the option 'host-check-policy' will not be available. set host-check-policy third-party-av
set skip-check-for-unsupported-os disable set skip-check-for-browser disable end
