As in they are not supposed to install and use third party VPN.
Only allow own firewall VPN connections.
Hi there,
There are 2 requirements I can see here:
1. Block installing VPN applications at the PC level
2. Allow own firewall VPN connection << What do you mean by this?
For number 1, this should be blocked by endpoint control like FortiClient.
For number 2, are you referring to FortiClient or IPsec VPN on the FortiGate itself?
Hi,
Isn't FortiClient a VPN client? How does it prevent users from installing another VPN client?
For number 2, allow own firewall VPN connection, I mean the firewall and the SSL and IPsec VPN configured.
End users should only use these VPNs and not those of third parties.
Is there any way to prevent this?
Hi there,
The free FortiClient only supports VPN features. Full endpoint control to manage your PC requires the paid version.
To block VPN and proxy traffic in your network, you may use Application Control.
This is a good resource shared by one of our fans:
https://www.youtube.com/watch?v=l5crGRzytfs (Note: This is an external link for your reference)
You can block the category instead of specific application.
Do you know the SSL VPN OS and host check?
I think it could be what you are looking for.
FortiGate can't block an endpoint from installing VPN software. It's a firewall/router/etc. not an endpoint agent doing compliance enforcement. At best you may try to block access to known websites that offer VPN software downloads (or block VPN-related keywords with webfilter), but that is a fool's errand since these installers can be served from any arbitrary server. You'll never catch them all. (and a laptop user could just download one when not connected through your FortiGate anyway)
What you could do is try to block VPN usage with Application Control. You could start by blocking the "Proxy" category (covers all VPN-related signatures), and then tweak further. Keep in mind that you may need to enable deep SSL inspection on everything if you need to be thorough in blocking. (this may become very taxing on the FortiGate performance, depending on the model and total throughput)
Ultimately, in my personal opinion, you'll achieve the best results by enforcing tighter control on the endpoints themselves - by blocking users from installing arbitrary applications, using some endpoint enforcement/protection software, etc.
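Once Application Control is applied as described in the reply above, its logs show which endpoints trigger "Proxy" category signatures and whether the traffic was actually blocked, which is what the "tweak further" step works from. The following is an added example, not part of the original thread or Fortinet's own code; it assumes FortiOS-style key=value log lines with `subtype`, `appcat`, `app`, `srcip` and `action` fields, and the log lines and application names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiOS key=value log style (not real traffic;
# application names are placeholders, not real signature names).
SAMPLE_LOG = '''\
date=2024-05-01 time=09:12:01 type="utm" subtype="app-ctrl" srcip=10.0.0.21 dstip=203.0.113.10 action="block" appcat="Proxy" app="Example.VPN.A" msg="Proxy: Example.VPN.A"
date=2024-05-01 time=09:12:40 type="utm" subtype="app-ctrl" srcip=10.0.0.21 dstip=203.0.113.10 action="block" appcat="Proxy" app="Example.VPN.A" msg="Proxy: Example.VPN.A"
date=2024-05-01 time=09:13:05 type="utm" subtype="app-ctrl" srcip=10.0.0.34 dstip=198.51.100.7 action="pass" appcat="Proxy" app="Example.VPN.B" msg="Proxy: Example.VPN.B"
date=2024-05-01 time=09:13:30 type="utm" subtype="app-ctrl" srcip=10.0.0.34 dstip=192.0.2.55 action="pass" appcat="Web.Client" app="HTTPS.BROWSER" msg="Web.Client: HTTPS.BROWSER"
date=2024-05-01 time=09:14:02 type="traffic" subtype="forward" srcip=10.0.0.40 dstip=192.0.2.80 action="accept"
'''

# key=value where the value is either "quoted (may contain spaces)" or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key=value log line into a dict of strings."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def proxy_hits(log_text, category="Proxy"):
    """Count app-ctrl events in `category` per (srcip, app), split by action."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("subtype") != "app-ctrl" or rec.get("appcat") != category:
            continue
        key = (rec.get("srcip", "?"), rec.get("app", "?"))
        hits[key][rec.get("action", "?")] += 1
    return {key: dict(actions) for key, actions in hits.items()}


def not_blocked(hits):
    """Return (srcip, app) pairs seen with any action other than block."""
    return sorted(k for k, acts in hits.items() if any(a != "block" for a in acts))


if __name__ == "__main__":
    summary = proxy_hits(SAMPLE_LOG)
    for (src, app), actions in sorted(summary.items()):
        print(src, app, actions)
    print("still passing:", not_blocked(summary))
```

Entries returned by `not_blocked` are the ones to review: either the profile is only monitoring that signature, or the application is one that was deliberately allowed, such as the organisation's own VPN.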
Copyright 2024 Fortinet, Inc. All Rights Reserved.