Configuring Security Control - Fortinet FortiGate Series Administration Manual

SSL VPN

Configuring security control

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/ • Feedback
Virtual desktop requires the Fortinet host check plugin. If the plugin is not present, it is
automatically downloaded to the client computer.
To enable virtual desktop
1 Go to VPN > SSL > Portal and select the Edit icon for the web portal.
2 Select the Settings button.
3 Select the Virtual Desktop tab.
4 Select Enable Virtual Desktop.
5 Enable options as required.
6 If you want to apply virtual desktop application control, select the Application Control
List to use.
7 Select OK.
8 Select Apply.
You can apply cache cleaning and host checking to the clients of your web portal.
Cache cleaning clears information from the client browser cache just before the SSL VPN
session ends. The cache cleaner is effective only if the session terminates normally. The
cache is not cleaned if the session ends due to a malfunction, such as a power failure.
Host checking enforces the client's use of antivirus or firewall software. Each client is
checked for security software that is recognized by the Windows Security Center. As an
alternative, you can create a custom host check that looks for specific security software
selected from the Host Check list located at VPN > SSL > Host Check. See
list" on page 648.
To configure Security Control
1 Go to VPN > SSL > Portal and select the Edit icon for the web portal.
2 Select the Settings button.
3 Select the Security Control tab.
4 Enter the following information:
Clean Cache Enable to clear client cache when the SSL VPN session ends.
Host Check Select the type of host checking to use.
AV Check for antivirus software recognized by the Windows Security Center.
AV-FW Check for both antivirus and firewall software recognized by the Windows
Security Center.
Custom Check for the security software listed in the Policy field.
FW Check for firewall software recognized by the Windows Security Center.
None Do not perform host checking.
Interval Select how often to recheck the host. Range is every 120 seconds to 259 200
seconds. Enter 0 to not recheck the host during the session.
Policy The list of acceptable security applications for clients. These application names
are from the Host Check list. This field is available if Host Check is Custom.
Select Edit to choose the host check applications to use. Use the arrow buttons
to move applications between the Available and Selected lists. Clients will be
checked for the applications in the Selected list. Select OK.
5 Select OK.
SSL VPN web portal
"Host Check
639