Configuring a profile to allow or block endpoint from VPN tunnel connection based on the applied sec

bfig90 · ‎10-30-2024

Dear,

Following the guide (https://docs.fortinet.com/document/forticlient/7.4.0/ems-administration-guide/701440/configuring-a-p... i'm trying to create rules in order to block for i.e:endpoint with critical vulnerabilities to connect vpn.

But in my console i do not have the option like showing in the link:

Link console:

My console:

bfig90 · ‎10-30-2024

I found it. In the new console version 7.4.0 the option is this one, after you have created the rule logic:

View solution in original post

johnathan · ‎10-30-2024

That document references a 'security posture tag', which needs to be configured first before it is selected. You can make it by following this guide:
https://docs.fortinet.com/document/forticlient/7.4.0/ems-administration-guide/142/adding-a-security-...

"Never trust a computer you can't throw out a window."

bfig90 · ‎10-30-2024

I understand. I followed the link and i learned that i can create 2-3 ore more rules in one. But still i cannot find how to apply this rule in order to say that if EndpointXY is not fulfilling this conditions do not connect

johnathan · ‎10-30-2024

I would rewrite the rule to only apply the tag to the client if they are meeting your requirements. You can then only allow the user to connect if that tag is there.

"Never trust a computer you can't throw out a window."

bfig90 · ‎10-30-2024

I found it. In the new console version 7.4.0 the option is this one, after you have created the rule logic:

Configuring a profile to allow or block endpoint from VPN tunnel connection based on the applied sec

Nominate a Forum Post for Knowledge Article Creation