Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TBC
Contributor

SSL-VPN Host-Check fpr Win-Server

Hello,

is there a chance to add a Host-Check for Win-Server to block them for VPN Connection?

 

Many thanks

TBC

1 Solution
kcheng

Hi @TBC 

 

Please issue the following command and retry to connect with Linux host once again:

config vpn ssl web portal
edit "portal name"
set skip-check-for-unsupported-os disable
end

 

This is to configure FortiGate in a way that OS check is mandatory, and do not skip OS version that FortiGate is unable to identify:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-FortiClient-SSL-VPN-check...

 

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.

View solution in original post

5 REPLIES 5
ssudhakar
Staff
Staff

Hi there:

 

Can you please try the following? Is this what you are looking for?

 

https://community.fortinet.com/t5/FortiClient/Technical-Tip-FortiClient-Host-Checker-Support-for-Win...

 

Thank you,

Hope.

kcheng
Staff
Staff

Hi @TBC 

 

If you are connecting to SSLVPN on FortiGate, you can restrict the specific OS version to connect. You may refer to the following guide:

https://docs.fortinet.com/document/fortigate/7.2.0/administration-guide/32970/configuring-os-and-hos...

 

Once you turn on the feature of OS check, technically all windows server would not be able to connect. That is because the Windows Server OS version do not match those in the list.

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.
TBC
Contributor

Thank you both so much! Both info have helped me further!
What surprises me a little is that when HostCheck is active, Linux systems can use the VPN client.
Is there also a corresponding possibility for Linux?

 

Many thanks

TBC

kcheng

Hi @TBC 

 

Please issue the following command and retry to connect with Linux host once again:

config vpn ssl web portal
edit "portal name"
set skip-check-for-unsupported-os disable
end

 

This is to configure FortiGate in a way that OS check is mandatory, and do not skip OS version that FortiGate is unable to identify:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-FortiClient-SSL-VPN-check...

 

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.
TBC
Contributor

Hello Cheng,

perfect, that's exactly that what I looking for!!

 

Many many thanks!

Cheers TBC

Labels
Top Kudoed Authors