Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ss26101983ss
New Contributor

Created on ‎05-23-2023 12:17 PM

how can i restrict unlicensed vpn versions connecting via VPN

the user can install the unlicensed version of forticlient and get unnoticed by the EMS which means they can circumvent the security profiles and settings applied to the users

Is there a way to avoid such connectivity of VPN to our network ?

Labels:
1140
0 Kudos
8 REPLIES 8
gfleming
Staff
Staff

Created on ‎05-23-2023 05:14 PM

You could leverage zero trust tags for this

https://docs.fortinet.com/document/forticlient/7.2.0/ems-administration-guide/924998/zero-trust-tags

Cheers,
Graham
1125
0 Kudos
ss26101983ss
New Contributor
In response to gfleming

Created on ‎05-24-2023 11:15 AM

if you use the unlicensed version that machine will not be reporting to EMS and you can push the updates to the device that doesn't report to ems

1062
0 Kudos
Christian_89
Contributor III

Created on ‎05-23-2023 09:41 PM

hello
I would recommend the ZTNA approach.

1112
0 Kudos
btan
Staff
Staff

Created on ‎05-24-2023 03:00 AM

If you are looking to prevent FCT free-version to connect to your FGT VPN, you may follow below guide:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Restricted-SSL-VPN-to-FortiClient-connecte...

Note that this is a global setting in FGT.

Regards,
Bon
1099
0 Kudos
FarinaAhmed
New Contributor III

Created on ‎05-24-2023 03:15 AM

  1. Enable Endpoint Control on your FortiGate device to enforce policies that allow only authorized versions of FortiClient VPN to connect.

  2. Utilize FortiClient EMS to manage and control the deployment of FortiClient VPN. Enforce licensing requirements, monitor client versions, and push updates to ensure all endpoints are running licensed and authorized versions.

  3. Implement Network Access Control (NAC) mechanisms such as 802.1X authentication or NAC solutions to verify the presence of a valid and licensed FortiClient VPN version before granting network access.

  4. Create firewall policies on your FortiGate device that specifically allow traffic only from licensed FortiClient VPN versions.

  5. Educate users about the importance of using authorized and licensed versions of FortiClient VPN and the risks associated with unlicensed software.

Farina Ahmed
Farina Ahmed
1097
0 Kudos
ss26101983ss
New Contributor

Created on ‎05-24-2023 11:14 AM

is that possible to create firewall policies on Fortigates to allow only licensed version ?

1062
0 Kudos
srajeswaran
Staff
Staff
In response to ss26101983ss

Created on ‎05-24-2023 10:54 PM

Firewall policy comes into picture after the VPN is connected, so it may not serve the purpose .

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

1037
0 Kudos
FortiNitish
Staff
Staff

Created on ‎05-28-2023 02:23 AM

You can enable the below settings, this will check the serial number , and only permit host machines connected to EMS.

# config system global
    set sslvpn-ems-sn-check enable
end

 

 

 

1017
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.