- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortigate 100D scan before connection SSL VPN
I am using a Fortigate 100D (Version: FortiGate-100D v5.6.9,build1673,190513 (GA)) and wish to force a scan of the computer/laptop (with Forticlient) OR/AND check if there are any security risks that still have to be resolved before they can connect over the SSL VPN. If the user is seen as a risk, the connection would not be possible. This is to make sure there will be no viruses on the computer/laptop when they connect over the SSL VPN.
I tried tackling this by using the 'Forticlient Compliance Profiles' but to no success, as the users who connect over the SSL VPN were not connected to the Compliance & Telemetry on their Forticlient.
To resolve this issue i tried (but I am not certain that this is even the right action to resolve this) to enable 'Allow Endpoint Registration' in the SSL-VPN Settings. If I tried this and saved I got a 'IP address is in same subnet as the others' error. Does there need to be a new separate address range configured when you allow the endpoint registration? If so, why exactly would this be?
First question;is this possible with the Fortigate?
Second question: if it is possible, is there any documentation on this so I can further investigate this? I did not seem to find any clear information on this besides what I have mentioned above, which i found in the forticookbook.
Thanks in advance.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Seems to be interesting.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It can be done with EMS tags and ZTA. A brief explanation is shown on this video here.
If you have found a solution, please like and accept it to make it easily accessible for others.
