vpn ssl web host-check-software
Use this command to define the Windows Firewall software and add your own software requirements to the host check list.
Note: Host integrity checking is only possible with client computers running Microsoft Windows platforms.
History
The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.
Command | Description |
---|---|
set os-type macos | New Mac OS type for host checking. Note that, once |
    config vpn ssl web host-check-software
        edit {name}
        # SSL-VPN host check software.
            set name {string}   Name. size[63]
            set os-type {windows | macos}   OS type.
                    windows  Microsoft Windows operating system.
                    macos    Apple MacOS operating system.
            set type {av | fw}   Type.
                    av  AntiVirus.
                    fw  Firewall.
            set version {string}   Version. size[35]
            set guid {string}   Globally unique ID.
            config check-item-list
                edit {id}
                # Check item list.
                    set id {integer}   ID (0 - 4294967295). range[0-65535]
                    set action {require | deny}   Action.
                            require  Require.
                            deny     Deny.
                    set type {file | registry | process}   Type.
                            file      File.
                            registry  Registry.
                            process   Process.
                    set target {string}   Target. size[255]
                    set version {string}   Version. size[35]
                    config md5s
                        edit {id}
                        # MD5 checksum.
                            set id {string}   Hex string of MD5 checksum. size[32]
                        next
                next
        next
    end
Additional information
The following section is for those options that require additional explanation.
config check-item-list
A configuration method to set the check item list variables. Use edit to create a new check item and configure its settings using the following entries.
action {require | deny}
The course of action taken when the item is found.
require
: If the item is found, the client meets the check item condition. This is the default option.
deny
: If the item is found, the client is considered to not meet the check item condition. Use this option if it is necessary to prevent the use of a particular security product.
type {file | registry | process}
The method used to check for the application.
file
: Looks for any file that would confirm the presence of the application, not just the application’s executable file. This is the default option. Once set, use the target entry below and set it to the full path to the file. Where applicable, you can use environment variables enclosed in percent (%) marks, e.g. %ProgramFiles%\Fortinet\FortiClient\FortiClient.exe.
registry
: Looks for a Windows Registry entry. Once set, use the target entry below and set it to the registry item, e.g. HKLM\SOFTWARE\Fortinet\FortiClient\Misc.
process
: Looks for the application as a running process. Once set, use the target entry below and set it to the application’s executable file name.
target <target>
Depending on what the type entry above is set to, set target as follows:
- If type is file, enter the full path to the file.
- If type is registry, enter the registry item.
- If type is process, enter the application’s executable file name.
version <version>
Enter the application version.
md5s <md5s>
If type is set to file or process, this entry can be used to enter one or more known MD5 signatures for the application’s executable file. You can use a third-party utility to calculate MD5 signatures or hashes for any file. In addition, you can enter multiple signatures to match multiple versions of the application.
type {av | fw}
The software type: antivirus (av, set by default) or firewall (fw). If the software does both, create two separate entries and assign each entry a type.
version <version-number>
Enter the software version.
guid <guid-value>
Enter the globally unique identifier (GUID) for the host check application. The value is a hexadecimal number, usually in the form xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. Windows uses GUIDs to identify applications in the Windows Registry.
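The md5s entry described above takes one hash per supported build of the executable. The following Python helper is an added example, not part of the FortiOS documentation: it hashes reference copies of the executable, validates values against the size limits in the syntax summary, and renders a stanza for review. The function names, the doubling of backslashes inside quoted strings, and the use of `end` to close each nested config block are assumptions to verify on your FortiOS build.

```python
import hashlib
import re

# Size limits copied from the syntax summary on this page.
MAX_NAME, MAX_TARGET, MAX_VERSION = 63, 255, 35

def md5_hex(path):
    """Return the 32-character hex MD5 of a file, read in chunks."""
    digest = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def render_host_check(name, sw_type, target, md5s, version="", check_type="file"):
    """Render one entry with a single 'require' check item and its MD5 list."""
    if sw_type not in ("av", "fw"):
        raise ValueError("type must be av or fw")
    if check_type not in ("file", "process"):
        raise ValueError("md5s are only used when type is file or process")
    if len(name) > MAX_NAME or len(target) > MAX_TARGET or len(version) > MAX_VERSION:
        raise ValueError("value exceeds a size limit from the syntax summary")
    hashes = []
    for value in md5s:
        value = value.strip().lower()
        if not re.fullmatch(r"[0-9a-f]{32}", value):
            raise ValueError(f"not a 32-character hex MD5: {value!r}")
        if value not in hashes:          # one entry per distinct build
            hashes.append(value)
    # Assumption: backslashes are doubled inside a quoted CLI string.
    quoted_target = target.replace("\\", "\\\\")
    lines = ["config vpn ssl web host-check-software",
             f'    edit "{name}"',
             f"        set type {sw_type}"]
    if version:
        lines.append(f'        set version "{version}"')
    lines += ["        config check-item-list",
              "            edit 1",
              "                set action require",
              f"                set type {check_type}",
              f'                set target "{quoted_target}"',
              "                config md5s"]
    for value in hashes:
        lines += [f'                    edit "{value}"', "                    next"]
    # Assumption: each nested config block is closed with its own 'end'.
    lines += ["                end", "            next", "        end", "    next", "end"]
    return "\n".join(lines)
```

Run `md5_hex` over a known-good copy of each application version you intend to allow, then pass the resulting list to `render_host_check` and review the output before entering it in the CLI.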