FortiOS v3.0 MR7 SSL VPN User Guide
54
01-30007-0348-20080718
Configuring a FortiGate SSL VPN
SSL VPN host OS patch check
The SSL VPN client OS patch check feature allows a client with a specific OS patch to
access SSL VPN services. The host check only works on Windows platforms.
This means that MacOS/Linux users can always log on (assuming they have the
correct user name and password), because the patch check is not applied to them.
Options defined in the SSL VPN user group settings support this function (CLI
only).
Configuration Example
The following configuration allows a Windows 2000 user with patch level 2
(latest-patch-level minus tolerance) and above permission to access SSL
VPN services, as well as any Windows XP users.
config vpn ssl settings
    set sslvpn-enable enable
    set tunnel-endip 10.1.1.10
    set tunnel-startip 10.1.1.1
end
config user group
    edit "g1"
        set group-type sslvpn
        set sslvpn-tunnel enable
        set sslvpn-tunnel-startip 10.1.1.1
        set sslvpn-tunnel-endip 10.1.1.10
        set sslvpn-webapp enable
        set sslvpn-os-check enable
        config sslvpn-os-check-list "windows-2000"
            set action check-up-to-date
            set latest-patch-level 3
            set tolerance 1
        end
        config sslvpn-os-check-list "windows-xp"
            set action allow
        end
end
Variable
    Description

set sslvpn-os-check {disable | enable}
    Enable or disable SSL VPN OS patch level check. Default disable.

config sslvpn-os-check-list {windows-2000 | windows-xp}
    Configure the OS of the patch level check.
    Available when set sslvpn-os-check is set to enable.

set action {allow | check-up-to-date | deny}
    Specify how to perform the patch level check.
    • allow - any level is permitted
    • check-up-to-date - some patch levels are permitted, make selections for latest-patch-level and tolerance
    • deny - OS version does not permit access
    Available when set sslvpn-os-check is set to check-up-to-date.

set latest-patch-level {disable | 0 - 255}
    Specify the latest allowed patch level. Default 4 for Windows 2000, 2 for Windows XP.
    Available when action is set to enable.

set tolerance {tolerance_num}
    Specify the lowest allowable patch level tolerance. Equals latest-patch-level minus tolerance and above. Default for Windows 2000 and Windows XP is 0.
    Available when action is set to check-up-to-date.
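
The admission rule described above can be modelled to audit which clients a group's OS check actually admits. This is an added example, not code from the guide or from Fortinet; parse_os_check, admits and the sample configuration text are hypothetical names and constructed input. It assumes numeric latest-patch-level values, and the handling of Windows versions with no list entry and of an unset action is an assumption the guide does not state.

```python
import re

# Defaults for latest-patch-level as stated in the guide's variable table.
DEFAULT_LATEST = {"windows-2000": 4, "windows-xp": 2}

# Constructed sample: OS-check portion of a user group, following the guide's example.
SAMPLE_CONFIG = '''
set sslvpn-os-check enable
config sslvpn-os-check-list "windows-2000"
set action check-up-to-date
set latest-patch-level 3
set tolerance 1
end
config sslvpn-os-check-list "windows-xp"
set action allow
end
'''

def parse_os_check(text):
    """Return (enabled, {os_name: settings}) parsed from group CLI text."""
    enabled, rules, current = False, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        entry = re.match(r'config sslvpn-os-check-list "?([\w-]+)"?$', line)
        if entry:
            name = entry.group(1)
            current = rules[name] = {"tolerance": 0,
                                     "latest-patch-level": DEFAULT_LATEST.get(name)}
        elif line == "end":
            current = None
        elif line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            if key == "sslvpn-os-check":
                enabled = value == "enable"
            elif current is not None:
                current[key] = int(value) if value.isdigit() else value
    return enabled, rules

def admits(enabled, rules, client_os, patch_level):
    """Model the documented host-check decision for one client (hypothetical helper)."""
    if not enabled or not client_os.startswith("windows"):
        return True   # the patch check is applied to Windows platforms only
    rule = rules.get(client_os)
    if rule is None:
        return True   # ASSUMPTION: a Windows version with no list entry is not restricted
    if rule.get("action") == "check-up-to-date":
        # minimum admitted level is latest-patch-level minus tolerance
        return patch_level >= rule["latest-patch-level"] - rule["tolerance"]
    return rule.get("action") != "deny"   # ASSUMPTION: unset action behaves like allow
```

Running admits over an inventory of client OS and patch levels shows that non-Windows clients pass regardless of patch state, so the check cannot serve as the only posture control for a mixed fleet.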