Scribd
Upload
98 views1 page

Configuring Custom Registry Checks For SSL VPN

This document provides instructions for configuring custom registry checks before allowing SSL VPN access in Fortigate. It describes adding a custom host check to check the Windows registry for a specific keyword or computer name. The host check is then enforced for a specific SSL VPN web portal.

Uploaded by

ci
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
Download as pdf or txt
98 views1 page

Configuring Custom Registry Checks For SSL VPN

This document provides instructions for configuring custom registry checks before allowing SSL VPN access in Fortigate. It describes adding a custom host check to check the Windows registry for a specific keyword or computer name. The host check is then enforced for a specific SSL VPN web portal.

Uploaded by

ci
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
Download as pdf or txt
Download as pdf or txt
You are on page 1/ 1

27.04.

2020 Techn cal T p: Conf gur ng custom reg stry checks for SSL VPN

Techn cal T p: Conf gur ng custom reg stry checks for SSL VPN Pr nt Art cle

Products
Fort Gate

Descr pt on

This article shows how to perform a custom registry check before allowing SSL VPN access.

Solut on

The following configuration adds a custom host check, and enforces it in the 'full-access' web portal.
# config vpn ssl web host-check-software
edit "test-registry"
# config check-item-list
edit 1
set target "HKLM\\SOFTWARE\\Something\\Example:Keyword"
set type registry
next
end
next
end

# config vpn ssl web portal


edit "full-access"
set host-check custom
set host-check-policy "test-registry"
next
end

For example, check against the computer name:

# config vpn ssl web host-check-software


edit "test-registry"
config check-item-list
edit 1
set target "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\ComputerName\\ActiveComputerName:Comput
set type registry
next
end
next
end

Same holds true for a check of domains, set the 'target as':

HKLM\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Domain:forti.lab

Note:

Both HKLM and HKEY_LOCAL_MACHINE work.

Note:

Using FortiClient, fully licenses version should be used to make Host-check registry work.

If the registry key is not present, this error message on the FortiClient will appear:

Related Art cles


Techn cal T p: Conf gur ng custom reg stry checks for SSL VPN

Last Mod f ed Date: 04-27-2020 Document ID: FD36421

https://kb.fort net.com/kb/m cros tes/search.do?cmd=d splayKC&docType=kc&externalId=FD36421 1/1

You might also like