Scribd Logo
Upload

Welcome to Scribd!

  • Configuring Custom Registry Checks For SSL VPN

    Uploaded by

    ci
    85 views1 page
    This document provides instructions for configuring custom registry checks before allowing SSL VPN access in Fortigate. It describes adding a custom host check to check the Windows registry for a specific keyword or computer name. The host check is then enforced for a specific SSL VPN web portal.

    Original Description:

    Original Title

    Configuring custom registry checks for SSL VPN

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document provides instructions for configuring custom registry checks before allowing SSL VPN access in Fortigate. It describes adding a custom host check to check the Windows registry for a specific keyword or computer name. The host check is then enforced for a specific SSL VPN web portal.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    85 views1 page

    Configuring Custom Registry Checks For SSL VPN

    Uploaded by

    ci
    This document provides instructions for configuring custom registry checks before allowing SSL VPN access in Fortigate. It describes adding a custom host check to check the Windows registry for a specific keyword or computer name. The host check is then enforced for a specific SSL VPN web portal.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as pdf or txt
    of 1

    27.04.

    2020 Techn cal T p: Conf gur ng custom reg stry checks for SSL VPN

    Techn cal T p: Conf gur ng custom reg stry checks for SSL VPN Pr nt Art cle

    Products
    Fort Gate

    Descr pt on

    This article shows how to perform a custom registry check before allowing SSL VPN access.

    Solut on

    The following configuration adds a custom host check, and enforces it in the 'full-access' web portal.
    # config vpn ssl web host-check-software
    edit "test-registry"
    # config check-item-list
    edit 1
    set target "HKLM\\SOFTWARE\\Something\\Example:Keyword"
    set type registry
    next
    end
    next
    end

    # config vpn ssl web portal


    edit "full-access"
    set host-check custom
    set host-check-policy "test-registry"
    next
    end

    For example, check against the computer name:

    # config vpn ssl web host-check-software


    edit "test-registry"
    config check-item-list
    edit 1
    set target "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName:Comput
    set type registry
    next
    end
    next
    end

    Same holds true for a check of domains, set the 'target as':

    HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Domain:forti.lab

    Note:

    Both HKLM and HKEY_LOCAL_MACHINE work.

    Note:

    Using FortiClient, fully licenses version should be used to make Host-check registry work.

    If the registry key is not present, this error message on the FortiClient will appear:

    Related Art cles


    Techn cal T p: Conf gur ng custom reg stry checks for SSL VPN

    Last Mod f ed Date: 04-27-2020 Document ID: FD36421

    https://kb.fort net.com/kb/m cros tes/search.do?cmd=d splayKC&docType=kc&externalId=FD36421 1/1

    You might also like