Hi,
I want to check Antivirus and Registry Key for SSL VPN clients. But as I investigated, Fortigate doesn't allow host-check custom and host-check AV at the same time. I can check check AV and Registry seperately but I want to control both of them.
It may work the Antivirus instanceGuid and registry check, but when AV endpoint upgraded, the GUID will change and clients won't able to connect to VPN.
I can check if the AV endpoint .exe running, but this won't check for AV upgrades and it will just for one endpoint brand.
Is there any configuration for checking the registry key and AV at the same time?
You could use Zero Trust Tags. While it won't prevent users from connecting to the VPN you can use tags in dynamic FW policies to prevent them from accessing any resources based on the tagging rules.
We are not using EMS. Trying to configure with Forticlient. Clients have 7.0.7 version
Can you create multiple entries in the custom host check config?
config check-item-list
In config check-item-list, I can't use default AV check of the Fortigate. Yes I can config "ONE" antivirus GUID but that doesn't solve my problem. I want to use both default AV check which can be activated on GUI and my custom host check config.
As you see below, I can config "Host-check-policy" only custom or AV.
All I want is activate both of them
config vpn ssl web portal
edit "tunnel-access"
set host-check custom
set host-check-policy "domain-check"
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1738 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.