FortiOS v3.0 MR7 SSL VPN User Guide
01-30007-0348-20080718

Configuring a FortiGate SSL VPN

SSL VPN host OS patch check

The SSL VPN client OS patch check feature allows only clients whose operating system is at a specified patch level to access SSL VPN services. The host check works only on Windows platforms. The patch check is not applied to MacOS or Linux clients, so those users can always log on (assuming they have the correct user name and password); the check therefore cannot be used to gate access from non-Windows hosts. The options that implement this check are defined in the SSL VPN user group settings (CLI only):

Configuration Example

The following configuration permits Windows 2000 users whose patch level is 2 (latest-patch-level minus tolerance) or above to access SSL VPN services, as well as any Windows XP user.

config vpn ssl settings
    set sslvpn-enable enable
    set tunnel-endip 10.1.1.10
    set tunnel-startip 10.1.1.1
end

config user group
    edit "g1"
        set group-type sslvpn
        set sslvpn-tunnel enable
        set sslvpn-tunnel-startip 10.1.1.1
        set sslvpn-tunnel-endip 10.1.1.10
        set sslvpn-webapp enable
        set sslvpn-os-check enable
        config sslvpn-os-check-list "windows-2000"
            set action check-up-to-date
            set latest-patch-level 3

Variable / Description

set sslvpn-os-check {disable | enable}
    Enable or disable the SSL VPN OS patch level check.
    Default: disable.

config sslvpn-os-check-list {windows-2000 | windows-xp}
    Select the OS whose patch level check is being configured.
    Available when sslvpn-os-check is set to enable.

set action {allow | check-up-to-date | deny}
    Specify how the patch level check is performed for this OS:
    allow - any patch level is permitted
    check-up-to-date - only some patch levels are permitted; set latest-patch-level and tolerance
    deny - this OS version is never permitted access
    Available when sslvpn-os-check is set to enable.

set latest-patch-level {disable | 0 - 255}
    Specify the latest allowed patch level.
    Default: 4 for Windows 2000, 2 for Windows XP.
    Available when action is set to check-up-to-date.

set tolerance {tolerance_num}
    Specify how far below latest-patch-level a client may be. Clients at latest-patch-level minus tolerance and above are permitted.
    Default: 0 for both Windows 2000 and Windows XP.
    Available when action is set to check-up-to-date.
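The following Python is an added example, not Fortinet code and not part of this guide. It models the decision the table above describes (sslvpn-os-check, action, latest-patch-level, tolerance, and the Windows-only scope of the check) so the effect of a group's settings on a given client can be reasoned about before the configuration is changed. The client OS strings, the data layout, the sample clients, and two values inferred from the configuration example (tolerance 1 for windows-2000, action allow for windows-xp) are assumptions made here.

```python
"""Decision model for the FortiOS v3.0 SSL VPN host OS patch check.

Added example, not Fortinet code.  It reproduces the semantics the
configuration reference gives for sslvpn-os-check and sslvpn-os-check-list
(action, latest-patch-level, tolerance).  The client OS strings, the Python
data layout and the sample clients are assumptions made for this example.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Only these platforms are inspected; the check is Windows-only.
CHECKED_OS = ("windows-2000", "windows-xp")

# Reference defaults for latest-patch-level (tolerance defaults to 0).
DEFAULT_LATEST = {"windows-2000": 4, "windows-xp": 2}


@dataclass(frozen=True)
class OsCheck:
    """One sslvpn-os-check-list entry."""
    action: str                               # allow | check-up-to-date | deny
    latest_patch_level: Optional[int] = None  # None -> reference default
    tolerance: int = 0


def minimum_patch_level(os_name: str, rule: OsCheck) -> int:
    """Lowest permitted level: latest-patch-level minus tolerance."""
    latest = rule.latest_patch_level
    if latest is None:
        latest = DEFAULT_LATEST[os_name]
    return latest - rule.tolerance


def evaluate(os_check_enabled: bool, check_list: Dict[str, OsCheck],
             client_os: str, client_patch_level: Optional[int]) -> Tuple[bool, str]:
    """Decide whether an already-authenticated client may use SSL VPN.

    Returns (permitted, reason).  Credential checking is assumed to have
    happened already; only the OS patch check stage is modelled.
    """
    if not os_check_enabled:
        return True, "sslvpn-os-check is disabled"
    # Non-Windows clients are never inspected: they pass on credentials alone,
    # which is why the check cannot gate MacOS/Linux access.
    if client_os not in CHECKED_OS:
        return True, f"{client_os} is not subject to the patch check"
    rule = check_list[client_os]
    if rule.action == "deny":
        return False, f"{client_os} is denied regardless of patch level"
    if rule.action == "allow":
        return True, f"{client_os} is allowed at any patch level"
    if rule.action != "check-up-to-date":
        raise ValueError(f"unknown action {rule.action!r}")
    floor = minimum_patch_level(client_os, rule)
    if client_patch_level is None or client_patch_level < floor:
        return False, f"{client_os} patch level {client_patch_level} is below {floor}"
    return True, f"{client_os} patch level {client_patch_level} meets minimum {floor}"


def example_group_config() -> Dict[str, OsCheck]:
    """Group "g1" from the configuration example.

    The page shows action check-up-to-date and latest-patch-level 3 for
    windows-2000.  Tolerance 1 is inferred from the text's "patch level 2
    (latest-patch-level minus tolerance)", and action allow for windows-xp
    from "as well as any Windows XP users"; both are assumptions.
    """
    return {
        "windows-2000": OsCheck("check-up-to-date", latest_patch_level=3, tolerance=1),
        "windows-xp": OsCheck("allow"),
    }


if __name__ == "__main__":
    cfg = example_group_config()
    # Constructed sample clients: (OS, reported patch level); None = unknown.
    for client in [("windows-2000", 3), ("windows-2000", 2), ("windows-2000", 1),
                   ("windows-xp", 0), ("linux", None), ("macos", None)]:
        print(client, evaluate(True, cfg, *client))
```

Running the block prints one decision per sample client: Windows 2000 at patch level 2 or 3 passes, level 1 fails, Windows XP passes at any level, and the Linux and MacOS clients pass without being inspected at all. Swapping the windows-2000 entry for OsCheck("deny") shows that deny refuses the OS at every patch level.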