Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BruceLiu
New Contributor II

Created on ‎01-02-2025 02:00 AM

[Fortigate] Support of Security Posture Check via Free SSL VPN

Dear Team,

 

I would like to understand the SSL VPN connectivity features of the latest version of Fortigate combined with FortiClient. In scenarios without EMS integration, is security posture checking still supported?

As shown in the figure below:

forticlient.png
Bruce Liu

 

 
 
Labels:
505
0 Kudos
1 Solution
kaman
Staff
Staff

Created on ‎01-03-2025 03:01 AM

Hi BruceLiu,

Security posture checking is supported in the latest version of FortiGate combined with FortiClient for SSL VPN connectivity. You can configure host checking rules on the FortiGate to allow or deny access to the SSL VPN based on specific requirements. FortiClient will receive these host-checking rules from the FortiGate during the initial connection stage and assess if it complies with the rules before establishing the VPN connection.

Please refer to the documentation for more details on configuring OS and host check for SSL VPN connections: -

FortiGate-powered host check for free VPN client 7.0.3: [Link](https://docs.fortinet.com/document/forticlient/7.0.0/new-features/651315/fortigate-powered-host-chec...) - Configuring OS and host check: [Link]

(https://docs.fortinet.com/document/fortigate/latest/administration-guide/32970/configuring-os-and-ho...)

View solution in original post

460
3 REPLIES 3
kaman
Staff
Staff

Created on ‎01-03-2025 03:01 AM

Hi BruceLiu,

Security posture checking is supported in the latest version of FortiGate combined with FortiClient for SSL VPN connectivity. You can configure host checking rules on the FortiGate to allow or deny access to the SSL VPN based on specific requirements. FortiClient will receive these host-checking rules from the FortiGate during the initial connection stage and assess if it complies with the rules before establishing the VPN connection.

Please refer to the documentation for more details on configuring OS and host check for SSL VPN connections: -

FortiGate-powered host check for free VPN client 7.0.3: [Link](https://docs.fortinet.com/document/forticlient/7.0.0/new-features/651315/fortigate-powered-host-chec...) - Configuring OS and host check: [Link]

(https://docs.fortinet.com/document/fortigate/latest/administration-guide/32970/configuring-os-and-ho...)

461
BruceLiu
New Contributor II
In response to kaman

Created on ‎01-09-2025 11:48 PM

Dear Kaman,

I would like to further confirm, if I set "set host-check custom", does it mean that "host-check av-fw" becomes invalid? I am wondering if it is possible to satisfy both "host-check av-fw" and custom configurations at the same time. I feel that defining the conditions to meet "host-check av-fw" in "config vpn ssl web host-check-software" is not an easy task, right?

If you have any good suggestions regarding the above, please share them with me. Thank you.


Bruce Liu

 
366
0 Kudos
BruceLiu
New Contributor II

Created on ‎01-08-2025 01:03 AM

Dear Kaman,

That sounds great.

I happen to have a Fortigate 60E on hand, and I will try using it.

If I encounter any issues, I will consult you.

Regards,

Bruce Liu

 

411
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.