This is related to https://kb.fortinet.com/k....do?externalID=FD39129 and to https://kb.fortinet.com/k....do?externalID=FD48982
We have defined a custom host check to only allow access from systems that are members of our domain, that have specific files in a given folder and that run certain programs.
We would like to add an antivirus check to that.
The difficulty is that we are in the process of upgrading the antivirus software, and noticed that the old version has a different GUID from the new one. Due to circumstances beyond our control, we expect it will take several months before everyone is running the same version again.
We configured the host-check-software similar to this:
config vpn ssl web host-check-software
    edit "Domain check"
        config check-item-list
            edit 1
                set type registry
                set target "HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters:Domain=ours.com"
            next
            edit 2
                set type process
                set target something-essential.exe
            next
        end
    next
    edit "AV virusscan 1"
        set version "18"
        set guid "mmmmmmm"
    next
    edit "AV virusscan 2"
        set version "19"
        set guid "nnnnnnn"
    next
end
But how do you define the host-check-policy so that either the 1st and 2nd or the 1st and 3rd condition must be met for a given portal?
(I.e. (A and B) or (A and C))
Yes, I read it. It's the first link in my post.
Point 8 states "If GUID differs then host check will fail. The version check will pass as long as the application version is equal to or greater than what is defined in the custom host check definition along with GUID match."
As explained, the 2 versions of our AV don't have matching GUIDs, which is why we need both "AV virusscan 1" and "AV virusscan 2".