auzaman_FTNT
Description
This article shows how to perform a custom MD5 fingerprint check before allowing access to SSL VPN users.
Solution
The following configuration example adds a custom host check and enforces it in the "full-access" web portal. You can use a third-party utility to calculate the MD5 fingerprint.

In the example below, the MD5 fingerprint was calculated for the application putty.exe, located in the Program Files folder.

config vpn ssl web host-check-software
    edit MD5-test
        config check-item-list
            edit 1
                set type file
                set target "%programfiles%\\putty\\putty.exe"
                set md5s "ba78410702f0cc8453da1afbb2a8b670"
            next
        end
    next
end


Note that each backslash in the target path must be entered as "\\", as shown above.

Now add this custom policy to the SSL VPN portal using the following commands:

config vpn ssl web portal
    edit full-access
        set host-check custom
        set host-check-policy MD5-test
    next
end
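
As an added example (not part of the original article or Fortinet tooling), the Python script below computes a file's MD5 fingerprint and renders the host-check-software entry shown above, doubling the backslashes in the target path. The function names are hypothetical, and the temporary file is a constructed stand-in for a reference copy of putty.exe.

```python
import hashlib
import os
import tempfile


def md5_fingerprint(path, chunk_size=1 << 20):
    """Return the lowercase hex MD5 of a file, reading it in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def cli_escape(target):
    """Double each backslash, as the article requires for 'set target'."""
    return target.replace("\\", "\\\\")


def host_check_stanza(name, target, md5_hex, item_id=1):
    """Render the host-check-software entry in the article's layout."""
    md5_hex = md5_hex.strip().lower()
    if len(md5_hex) != 32 or set(md5_hex) - set("0123456789abcdef"):
        raise ValueError("MD5 fingerprint must be 32 hex characters")
    return "\n".join([
        "config vpn ssl web host-check-software",
        f"    edit {name}",
        "        config check-item-list",
        f"            edit {item_id}",
        "                set type file",
        f'                set target "{cli_escape(target)}"',
        f'                set md5s "{md5_hex}"',
        "            next",
        "        end",
        "    next",
        "end",
    ])


if __name__ == "__main__":
    # Constructed sample: a temporary file stands in for the reference
    # copy of putty.exe; point md5_fingerprint() at the real binary instead.
    fd, sample = tempfile.mkstemp()
    os.write(fd, b"constructed sample bytes")
    os.close(fd)
    print(host_check_stanza("MD5-test", "%programfiles%\\putty\\putty.exe",
                            md5_fingerprint(sample)))
    os.remove(sample)
```

Any change to the binary, including a version upgrade, changes its MD5, so the entry has to be regenerated whenever the approved build changes.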

