Dear Team,
I would like to understand the SSL VPN connectivity features of the latest version of Fortigate combined with FortiClient. In scenarios without EMS integration, is security posture checking still supported?
As shown in the figure below:
Bruce Liu
Solved! Go to Solution.
Hi BruceLiu,
Security posture checking is supported in the latest version of FortiGate combined with FortiClient for SSL VPN connectivity. You can configure host checking rules on the FortiGate to allow or deny access to the SSL VPN based on specific requirements. FortiClient will receive these host-checking rules from the FortiGate during the initial connection stage and assess if it complies with the rules before establishing the VPN connection.
Please refer to the documentation for more details on configuring OS and host check for SSL VPN connections: -
FortiGate-powered host check for free VPN client 7.0.3: [Link](https://docs.fortinet.com/document/forticlient/7.0.0/new-features/651315/fortigate-powered-host-chec...) - Configuring OS and host check: [Link]
(https://docs.fortinet.com/document/fortigate/latest/administration-guide/32970/configuring-os-and-ho...)
Hi BruceLiu,
Security posture checking is supported in the latest version of FortiGate combined with FortiClient for SSL VPN connectivity. You can configure host checking rules on the FortiGate to allow or deny access to the SSL VPN based on specific requirements. FortiClient will receive these host-checking rules from the FortiGate during the initial connection stage and assess if it complies with the rules before establishing the VPN connection.
Please refer to the documentation for more details on configuring OS and host check for SSL VPN connections: -
FortiGate-powered host check for free VPN client 7.0.3: [Link](https://docs.fortinet.com/document/forticlient/7.0.0/new-features/651315/fortigate-powered-host-chec...) - Configuring OS and host check: [Link]
(https://docs.fortinet.com/document/fortigate/latest/administration-guide/32970/configuring-os-and-ho...)
Dear Kaman,
I would like to further confirm, if I set "set host-check custom", does it mean that "host-check av-fw" becomes invalid? I am wondering if it is possible to satisfy both "host-check av-fw" and custom configurations at the same time. I feel that defining the conditions to meet "host-check av-fw" in "config vpn ssl web host-check-software" is not an easy task, right?
If you have any good suggestions regarding the above, please share them with me. Thank you.
Bruce Liu
Dear Kaman,
That sounds great.
I happen to have a Fortigate 60E on hand, and I will try using it.
If I encounter any issues, I will consult you.
Regards,
Bruce Liu
User | Count |
---|---|
2675 | |
1410 | |
810 | |
702 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.