The following configuration adds a custom
host check, and enforces it in the 'full-access' web portal.
# config vpn ssl web host-check-software
edit "test-registry"
config check-item-list
edit 1
set target "HKLM\\SOFTWARE\\Something\\Registry_Key:Registry_Data==Data_Value"
set type registry
next
end
next
end

# config vpn ssl web portal
edit "full-access"
set host-check custom
set host-check-policy "test-registry"
next
end

For example, check against the computer name:
# config vpn ssl web host-check-software
edit "test-registry"
config check-item-list
edit 1
set target "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName:ComputerName=TESTLAPTOP"
set type registry
next
end
next
end

The same holds true for a domain check; set the 'target' as:
HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters:Domain==forti.lab

Note:
Both HKLM and HKEY_LOCAL_MACHINE work.
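
Before the policy is enforced on the portal, a target string can be tested on an endpoint to see whether the local registry would satisfy it. The PowerShell below is an added example, not part of the original article and not Fortinet code. The helper name `Test-HostCheckTarget`, the parsing rule (the `:` before the value name ends the key path, `==` or `=` separates name from data) and the case-insensitive comparison are assumptions.

```powershell
# Added example (not Fortinet code). Test-HostCheckTarget is a hypothetical helper.
# Assumed target layout, inferred from the examples on this page:
#   <HKLM|HKEY_LOCAL_MACHINE>\\<key path>:<value name>==<expected data>
function Test-HostCheckTarget {
    param([Parameter(Mandatory)][string]$Target)

    # The CLI string doubles each backslash; collapse them for the registry provider.
    $t = $Target -replace '\\\\', '\'

    # Key path ends at the ':' before the value name; the page shows both '==' and '='.
    $pattern = '^(?:HKLM|HKEY_LOCAL_MACHINE)\\(?<key>.+):(?<name>[^:=]+)={1,2}(?<data>.*)$'
    $m = [regex]::Match($t, $pattern, 'IgnoreCase')
    if (-not $m.Success) { throw "Unrecognised target format: $Target" }

    $keyPath  = 'HKLM:\' + $m.Groups['key'].Value
    $name     = $m.Groups['name'].Value
    $expected = $m.Groups['data'].Value
    $actual   = $null
    $status   = 'KeyMissing'   # the case the article says raises a client error

    if (Test-Path -LiteralPath $keyPath) {
        $item = Get-ItemProperty -LiteralPath $keyPath -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            $status = 'ValueMissing'
        } else {
            $actual = [string]$item.$name
            # Assumption: case-insensitive compare; the page does not say how the client compares.
            if ($actual -eq $expected) { $status = 'Match' } else { $status = 'Mismatch' }
        }
    }

    [pscustomobject]@{ Key = $keyPath; Value = $name; Expected = $expected; Actual = $actual; Status = $status }
}

# The two targets from this article, checked against the local machine.
@(
    'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName:ComputerName=TESTLAPTOP',
    'HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters:Domain==forti.lab'
) | ForEach-Object { Test-HostCheckTarget -Target $_ } | Format-Table -AutoSize
```
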
Note:
With FortiClient, the fully licensed version should be used for the host-check registry check to work.
If the registry key is not present, this error message on the FortiClient will appear: