SSL VPN host OS patch check | Configuring a FortiGate SSL VPN |
SSL VPN host OS patch check
SSLVPN Client OS Patch Check feature allows a client with a specific OS patch to access SSL VPN services. The host check only works on Windows platforms. This means that MacOS/Linux users can always logon (assuming they have the correct user name and password) as the patch check is not applied to them. Options defined in the SSL VPN user group settings support this function (CLI only):
Variable
set
config
set action {allow
set
set tolerance {tolerance_num}
Description
Enable or disable SSL VPN OS patch level check. Default disable.
Configure the OS of the patch level check. Available when set
Specify how to perform the patch level check.
•allow - any level is permitted
•
•deny - OS version does not permit access Available when set
Specify the latest allowed patch level. Default 4 for Windows 2000, 2 for Windows XP.
Available when action is set to enable.
Specify the lowest allowable patch level tolerance. Equals
Available when action is set to
Configuration Example
The following configuration allows a Windows 2000 user with patch level 2
config vpn ssl settings set
end
config user group edit "g1"
set
set
set
set
config
set
| FortiOS v3.0 MR7 SSL VPN User Guide |
54 |