Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TBC
Contributor

Created on ‎06-22-2022 02:35 AM

SSL-VPN Host-Check fpr Win-Server

Hello,

is there a chance to add a Host-Check for Win-Server to block them for VPN Connection?

 

Many thanks

TBC

Labels:
2240
0 Kudos
1 Solution
kcheng
Staff
Staff
In response to TBC

Created on ‎06-23-2022 12:13 AM

Hi @TBC 

 

Please issue the following command and retry to connect with Linux host once again:

config vpn ssl web portal
edit "portal name"
set skip-check-for-unsupported-os disable
end

 

This is to configure FortiGate in a way that OS check is mandatory, and do not skip OS version that FortiGate is unable to identify:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-FortiClient-SSL-VPN-check...

 

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.

View solution in original post

2204
5 REPLIES 5
ssudhakar
Staff
Staff

Created on ‎06-22-2022 11:27 AM

Hi there:

 

Can you please try the following? Is this what you are looking for?

 

https://community.fortinet.com/t5/FortiClient/Technical-Tip-FortiClient-Host-Checker-Support-for-Win...

 

Thank you,

Hope.

2215
kcheng
Staff
Staff

Created on ‎06-22-2022 08:12 PM

Hi @TBC 

 

If you are connecting to SSLVPN on FortiGate, you can restrict the specific OS version to connect. You may refer to the following guide:

https://docs.fortinet.com/document/fortigate/7.2.0/administration-guide/32970/configuring-os-and-hos...

 

Once you turn on the feature of OS check, technically all windows server would not be able to connect. That is because the Windows Server OS version do not match those in the list.

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.
2211
TBC
Contributor

Created on ‎06-22-2022 11:47 PM

Thank you both so much! Both info have helped me further!
What surprises me a little is that when HostCheck is active, Linux systems can use the VPN client.
Is there also a corresponding possibility for Linux?

 

Many thanks

TBC

2208
0 Kudos
kcheng
Staff
Staff
In response to TBC

Created on ‎06-23-2022 12:13 AM

Hi @TBC 

 

Please issue the following command and retry to connect with Linux host once again:

config vpn ssl web portal
edit "portal name"
set skip-check-for-unsupported-os disable
end

 

This is to configure FortiGate in a way that OS check is mandatory, and do not skip OS version that FortiGate is unable to identify:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-FortiClient-SSL-VPN-check...

 

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.
2205
TBC
Contributor

Created on ‎06-23-2022 12:56 AM

Hello Cheng,

perfect, that's exactly that what I looking for!!

 

Many many thanks!

Cheers TBC

2202
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.