Fortinet Document Library

Version:


Table of Contents

CLI Reference

6.0.0
Download PDF
Copy Link

vpn ssl web host-check-software

Use this command to define the Windows Firewall software and add your own software requirements to the host check list.

Note: Host integrity checking is only possible with client computers running Microsoft Windows platforms.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

set os-type macos

New Mac OS type for host checking.

Note that, once os-type is set to macos, the type, version, and guid entries are not available.

config vpn ssl web host-check-software
    edit {name}
    # SSL-VPN host check software.
        set name {string}   Name. size[63]
        set os-type {windows | macos}   OS type.
                windows  Microsoft Windows operating system.
                macos    Apple MacOS operating system.
        set type {av | fw}   Type.
                av  AntiVirus.
                fw  Firewall.
        set version {string}   Version. size[35]
        set guid {string}   Globally unique ID.
        config check-item-list
            edit {id}
            # Check item list.
                set id {integer}   ID (0 - 4294967295). range[0-65535]
                set action {require | deny}   Action.
                        require  Require.
                        deny     Deny.
                set type {file | registry | process}   Type.
                        file      File.
                        registry  Registry.
                        process   Process.
                set target {string}   Target. size[255]
                set version {string}   Version. size[35]
                config md5s
                    edit {id}
                    # MD5 checksum.
                        set id {string}   Hex string of MD5 checksum. size[32]
                    next
            next
    next
end

Additional information

The following section is for those options that require additional explanation.

config check-item-list

A configuration method to set various check item list variables. Edit to create new and configure settings using the following entries.

action {require | deny}

The course of action taken when the item is found.

  • require: If the item is found, the client meets the check item condition. This is the default option.
  • deny: If the item is found, the client is considered to not meet the check item condition. Use this option if it is necessary to prevent the use of a particular security product.
type {file | registry | process}

The method used to check for the application.

  • file: Looks for any file that would confirm the presence of the application, not just the application’s executable file. This is the default option.
    Once set, use the target entry below and set it to the full path to the file. Where applicable, you can use environment variables enclosed in percent (%) marks, e.g. %ProgramFiles%\Fortinet\FortiClient\FortiClient.exe.
  • registry: Looks for a Windows Registry entry. Once set, use the target entry below and set it to the registry item, e.g. HKLM\SOFTWARE\Fortinet\FortiClient\Misc.
  • process: Looks for the application as a running process. Once set, use the target entry below and set it to the application’s executable file name.
target <target>

Depending on what the type entry above is set to, set target as follows:

  • If type is file, enter the full path to the file.
  • If type is registry, enter the registry item.
  • If type is process, enter the application’s executable file name.
version <version>

Enter the application version.

md5s <md5s>

If type is set to file or process, this entry can be used to enter one or more known MD5 signatures for the application’s executable file. You can use a third-party utility to calculate MD5 signatures or hashes for any file. In addition, you can enter multiple signatures to match multiple versions of the application.

type {av | fw}

The software type, antivirus (av, set by default) or firewall (fw). If the software does both, create two separate entries and assign each entry with a type.

version <version-number>

Enter the software version.

guid <guid-value>

Enter the globally unique identifier (GUID) for the host check application. The value is a hexadecimal number, usually in the form xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx. Windows uses GUIDs to identify applications in the Windows Registry.

vpn ssl web host-check-software

Use this command to define the Windows Firewall software and add your own software requirements to the host check list.

Note: Host integrity checking is only possible with client computers running Microsoft Windows platforms.

History

The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.

Command Description

set os-type macos

New Mac OS type for host checking.

Note that, once os-type is set to macos, the type, version, and guid entries are not available.

config vpn ssl web host-check-software
    edit {name}
    # SSL-VPN host check software.
        set name {string}   Name. size[63]
        set os-type {windows | macos}   OS type.
                windows  Microsoft Windows operating system.
                macos    Apple MacOS operating system.
        set type {av | fw}   Type.
                av  AntiVirus.
                fw  Firewall.
        set version {string}   Version. size[35]
        set guid {string}   Globally unique ID.
        config check-item-list
            edit {id}
            # Check item list.
                set id {integer}   ID (0 - 4294967295). range[0-65535]
                set action {require | deny}   Action.
                        require  Require.
                        deny     Deny.
                set type {file | registry | process}   Type.
                        file      File.
                        registry  Registry.
                        process   Process.
                set target {string}   Target. size[255]
                set version {string}   Version. size[35]
                config md5s
                    edit {id}
                    # MD5 checksum.
                        set id {string}   Hex string of MD5 checksum. size[32]
                    next
            next
    next
end

Additional information

The following section is for those options that require additional explanation.

config check-item-list

A configuration method to set various check item list variables. Edit to create new and configure settings using the following entries.

action {require | deny}

The course of action taken when the item is found.

  • require: If the item is found, the client meets the check item condition. This is the default option.
  • deny: If the item is found, the client is considered to not meet the check item condition. Use this option if it is necessary to prevent the use of a particular security product.
type {file | registry | process}

The method used to check for the application.

  • file: Looks for any file that would confirm the presence of the application, not just the application’s executable file. This is the default option.
    Once set, use the target entry below and set it to the full path to the file. Where applicable, you can use environment variables enclosed in percent (%) marks, e.g. %ProgramFiles%\Fortinet\FortiClient\FortiClient.exe.
  • registry: Looks for a Windows Registry entry. Once set, use the target entry below and set it to the registry item, e.g. HKLM\SOFTWARE\Fortinet\FortiClient\Misc.
  • process: Looks for the application as a running process. Once set, use the target entry below and set it to the application’s executable file name.
target <target>

Depending on what the type entry above is set to, set target as follows:

  • If type is file, enter the full path to the file.
  • If type is registry, enter the registry item.
  • If type is process, enter the application’s executable file name.
version <version>

Enter the application version.

md5s <md5s>

If type is set to file or process, this entry can be used to enter one or more known MD5 signatures for the application’s executable file. You can use a third-party utility to calculate MD5 signatures or hashes for any file. In addition, you can enter multiple signatures to match multiple versions of the application.

type {av | fw}

The software type, antivirus (av, set by default) or firewall (fw). If the software does both, create two separate entries and assign each entry with a type.

version <version-number>

Enter the software version.

guid <guid-value>

Enter the globally unique identifier (GUID) for the host check application. The value is a hexadecimal number, usually in the form xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx. Windows uses GUIDs to identify applications in the Windows Registry.