This article describes how to use SSL VPN host check features to allow or prevent endpoints from connecting to FortiGate through SSL VPN, depending on software installation and process running state.
FortiGate, SSL VPN.
In certain organizations, endpoints are required to install and run specified software before they can establish an SSL VPN connection.
For example, consider the following scenario: before making SSL VPN connections, endpoints are required to install endpoint security software (such as TrendMicro).
This article will demonstrate the process of setting up a custom host check policy and utilizing it to target a particular SSL VPN user group through the SSL VPN portal.
SSL VPN host check policy configuration
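An added example, not the article's own configuration: a custom host check that requires a running process, enforced on an SSL VPN portal and mapped to one user group. The names `TrendMicro-Check`, `hostcheck-portal` and `SSLVPN-Users`, and the process name `EXAMPLE_AV_PROCESS.exe`, are placeholders to be replaced with the values used in the deployment.

```fortios
# Added example; names and the process target are placeholders, not values from the article.

# 1. Define the custom host check: the endpoint must have this process running.
config vpn ssl web host-check-software
    edit "TrendMicro-Check"
        config check-item-list
            edit 1
                set type process
                set target "EXAMPLE_AV_PROCESS.exe"
                set action require
            next
        end
    next
end

# 2. Enforce the custom check on the portal used by the restricted group.
#    host-check-interval re-checks the endpoint periodically (seconds);
#    0 means the check happens only when the endpoint connects.
config vpn ssl web portal
    edit "hostcheck-portal"
        set tunnel-mode enable
        set host-check custom
        set host-check-policy "TrendMicro-Check"
        set host-check-interval 120
    next
end

# 3. Map the user group to that portal so only its members are subject to the check.
config vpn ssl settings
    config authentication-rule
        edit 1
            set groups "SSLVPN-Users"
            set portal "hostcheck-portal"
        next
    end
end
```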
Note:
Testing and validation
Case 1: TrendMicro software is not installed or it is installed but not running.
Result: SSL VPN users are not able to connect to FortiGate because the endpoint does not meet the host check requirements.
SSL VPN debug logs:
Case 2: Software is installed and running
Result: SSL VPN users are able to connect to FortiGate because the endpoint meets the host check requirement.