FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes how to configure a custom file check for SSL VPN connection when the user connects through macOS.
Scope
FortiGate, FortiClient v7.0.3 and above, SSL VPN, macOS.
Solution
Users can configure a custom file check to check the existence of a certain file in the target connecting machine before allowing an SSL VPN connection. The configuration step is documented in the following document: FortiGate-powered host check for free VPN client 7.0.3
However, the documented steps would work for Windows hosts. For macOS, it should be configured as below:
config vpn ssl web host-check-software edit "mac_file_exist" set os-type macos config check-item-list edit 1 set target "<file path to check>" next end next end
config vpn ssl web portal edit "full-access" set host-check custom set host-check-policy "mac_file_exist" next end
Once this is configured, FortiGate will perform a file check based on the MACoS file structure and permit the connection only if the client matches the condition specified in the custom host-check-software section.
