Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
N_W
New Contributor II

For EMS users in the domain.

Hello,

How can I prevent users who are not in the domain from making SSL VPN connections in FortiEMS?"

 

10 REPLIES 10
ozkanaltas
Valued Contributor III

You don't need to individually add a serial number of devices. If they are registered to EMS they can connect automatically. 

 

I think in your scenario, you can use host check feature on your FortiGate. You can control the registry setting on the client computer. If the field specifying the user domain contains a different value, Fortigate will not allow the connection.

 

https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/32970/configuring-os-and-hos...

 

 

Here is an example configuration. 

 

 

config vpn ssl web portal
    edit "full-access" <- Your SSL-VPN Portal Name
        set host-check custom
        set host-check-policy "regedit" <- Mapping hostcheck profile.
    next
end

config vpn ssl web host-check-software
    edit "regedit"
        config check-item-list
            edit 1
                set type registry
                set target "HKEY_CURRENT_USER\\Volatile Environment:USERDNSDOMAIN==COMPANY.LOCAL" <- Your company Domain Name
            next
        end
    next
end

 

 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors