Hello!
We have a FortiGate in 6.4.X and we re already using SSL VPN with 2FA with Fortitoken, and we must keep this 2FA auth.
We use Foticlient 6.4 with free license.
Now we want to enforce that only notebooks from the company can connect to the VPN.
We tried to do it with the MAC address host chech,but only works for Forticlient before 6.2 (on free versions).
https://community.fortinet.com/t5/FortiClient/Technical-Tip-Limitation-on-SSLVPN-MAC-address-host-ch...
How you guys think we could implement this?
If you have any link that guides me great.
Thank you in advance!
Kind regards.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
With a free client, it is not possible.
It is possible with EMS and Zero Trust Tags with Fortiagte.
https://docs.fortinet.com/document/forticlient/7.0.2/ems-administration-guide/924998/zero-trust-tags
With the latest version, you can use Tags in VPN before a VPN connection.
https://docs.fortinet.com/document/forticlient/7.0.2/ems-administration-guide/29925/ssl-vpn
Let us know do you have more questions?
Thanks
Hello,
thanks for the reply.
The FGT should be in version 7.0 too?
Another question, I was thinking about using certificates on end PCs.
Would this work in conjuntion with the 2FA already implemented (usr/pass + token) ?
Thanks!
Hey kamarale,
yes, you can require certificates in addition to already implemented 2FA. A guide on combining certificate authentication with user/password: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Combining-remote-user-authentication-and-c...
-> second factor would simply be requested as part of RADIUS authentication or local user authentication
Regarding the domain computer requirement - I don't know if this would still work with newer (free) FortiClient versions, but it might be worth a try: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Checking-AD-domain-of-host-connecting-to-a...
Regarding FortiGate - it will need to be in a version compatible with FortiClient and EMS 7.0.2, and to my knowledge on FortiOS 7.0 supports the full ZTNA implementation available in (licensed) FortiClient 7.0.
Hope that helps!
Hello,
does anyone know this questions?
Thanks in advance.
Regards.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1692 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.