Created on 05-05-2020 11:52 PM Edited on 08-31-2022 09:10 AM By Anonymous
Description
This article describes how to block SSLVPN connections from smartphones and allow only specific Windows and macOS versions.
Solution
A useful feature available on an SSLVPN connection is the ability to check the OS version before allowing the SSLVPN connection.
Configure the OS check in the FortiGate SSLVPN web portal and map the web portal to the user group in the SSLVPN settings.
In 6.0, the OS check can be enabled only via the CLI.
config vpn ssl web portal
    edit full-access
        set os-check enable
        config os-check-list windows-2000
        end
        config os-check-list windows-7
        end
        config os-check-list windows-8
        end
        config os-check-list windows-8.1
        end
        config os-check-list windows-10
        end
        config os-check-list os-x-mavericks-10.9
        end
        config os-check-list os-x-yosemite-10.10
        end
        config os-check-list os-x-el-capitan-10.11
        end
        config os-check-list macos-sierra-10.12
        end
        config os-check-list macos-high-sierra-10.13
        end
        config os-check-list macos-mojave-10.14
        end
        set skip-check-for-unsupported-os disable
    next
end
In 6.2, the OS check can be enabled via the GUI.
Go to VPN -> SSL-VPN Portals, edit the portal and enable 'Host Check'.
config vpn ssl web portal
    edit full-access
        set skip-check-for-unsupported-os disable
end
Map the web portal to the SSLVPN user group in the authentication rule.
Note: The Host/OS check works only for tunnel mode, when FortiClient is involved. It does not work for web mode (browser) as expected.
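To confirm that every portal carries these settings, the following added example (not part of the original article and not Fortinet tooling) scans a saved configuration backup and lists each SSLVPN portal that lacks 'set os-check enable' or 'set skip-check-for-unsupported-os disable'. The sample configuration is constructed, the function name is hypothetical, and the script assumes that a setting absent from the backup is not configured the way this article requires.

```python
# Settings this article asks for on each SSLVPN web portal.
REQUIRED = {"os-check": "enable", "skip-check-for-unsupported-os": "disable"}

# Constructed sample in the style of a configuration backup (not from a real device).
SAMPLE_CONFIG = """\
config vpn ssl web portal
    edit "full-access"
        set os-check enable
        config os-check-list windows-10
        end
        set skip-check-for-unsupported-os disable
    next
    edit "tunnel-access"
        set os-check enable
    next
    edit "web-access"
        set web-mode enable
    next
end
"""

def audit_portals(config_text):
    """Return {portal name: [missing settings]} for the web portal section."""
    portals, current, depth, in_section = {}, None, 0, False
    for line in config_text.splitlines():
        words = line.split()
        if not words:
            continue
        if words[0] == "config":
            depth += 1
            if depth == 1:  # top-level section header
                in_section = words[1:] == ["vpn", "ssl", "web", "portal"]
        elif words[0] == "end":
            depth -= 1
        elif in_section and depth == 1 and len(words) >= 2:
            # depth 1 = portal level; nested blocks (os-check-list) are skipped
            if words[0] == "edit":
                current = line.split(None, 1)[1].strip().strip('"')
                portals[current] = {}
            elif words[0] == "set" and current and len(words) >= 3:
                portals[current][words[1]] = words[2]
    findings = {}
    for name, settings in portals.items():
        missing = [f"missing: set {k} {v}" for k, v in REQUIRED.items()
                   if settings.get(k) != v]
        if missing:
            findings[name] = missing
    return findings
```

Web-mode-only portals are reported as well, which matches the note above: the Host/OS check does not cover them.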