Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
afornaris
Staff
Staff

Created on ‎05-05-2016 10:39 AM Edited on ‎09-20-2023 11:03 AM By Community Manager

Article Id 194592

Technical Note: SSL VPN blocking users running specific OS versions

Description

 

This article explains how to deny SSL VPN access to users running certain legacy operating systems such as Windows 2000 or XP.    


Scope

 

FortiGate.


Solution

 

  1. From the GUI go to the VPN -> SSL-VPN Portal -> fullaccess, webaccess or tunnel access.
  2. An option called Restrict will be visible to Specific OS versions.
  3. Enable that and it will be possible to deny the connections from specific OS versions.

 

sssslll.PNG

 

From the CLI issue the following commands:
 
config vpn ssl web portal
     edit <portal-name>  
          set os-check enable  <-----  Enables os-check.
 
    config os-check-list windows-2000
      set action deny
    end

    set skip-check-for-unsupported-os disable  <-----  Change default value to disable.

The 'os-check-list' may contain multiple Windows versions.
2355
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.