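# FortiOS CLI, one command per line (the leading '#' prompt character of the
# original paste is dropped so the block can be read as a script).
# Defines a custom SSL-VPN host-check entry named 'test-register' whose only
# item requires a registry value on the connecting Windows client.
config vpn ssl web host-check-software
    edit 'test-register'
        set type fw
        set version ''
        # All-zero GUID as given on the page; presumably a placeholder for a
        # custom (non-vendor) check -- confirm against your FortiOS version.
        set guid '00000000-0000-0000-0000-000000000000'
        config check-item-list
            edit 1
                set action require
                set type registry
                # Replace <localdomain> with the DNS name of the required domain.
                # NOTE(review): this value is read on the endpoint and reported by
                # the client, so treat it as a posture signal, not as proof of
                # machine identity; keep it paired with client-certificate
                # authentication.
                set target 'HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters:Domain==<localdomain>'
                set version ''
            next
            # Further check items can be added to the list here.
        end
    next
end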
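# FortiOS CLI, one command per line (leading '#' prompt character dropped).
# SSL-VPN portal that enforces the custom host check 'test-register' before
# a tunnel-mode client is admitted. The closing 'end' missing from the
# original paste is added so the portal table is actually committed.
config vpn ssl web portal
    edit "domain-portal"
        set tunnel-mode enable
        # 'custom' selects the host-check entry named by host-check-policy below.
        set host-check custom
        set limit-user-logins enable
        set auto-connect enable
        set ip-pools 'sslvpn-pool'
        # Split tunnelling off: client traffic is sent through the tunnel.
        set split-tunneling disable
        # Must match the entry name under 'config vpn ssl web host-check-software'.
        set host-check-policy 'test-register'
    next
end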
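# FortiOS CLI, one command per line (leading '#' prompt character dropped).
# Global SSL-VPN settings plus the authentication rules that map user groups
# and realms to portals. Two defects of the original paste are fixed: the
# mismatched quote in 'domain-Users" and the missing outer 'end'.
config vpn ssl settings
    # Require a client certificate in addition to user credentials.
    set reqclientcert enable
    set servercert 'server_cert'
    # Idle timeout in seconds.
    set idle-timeout 1800
    # NOTE(review): the portal on this page uses ip-pools 'sslvpn-pool' while the
    # global pool here is 'SSLVPN_TUNNEL_ADDR1' -- confirm which one is intended.
    set tunnel-ip-pools 'SSLVPN_TUNNEL_ADDR1'
    set tunnel-ipv6-pools 'SSLVPN_TUNNEL_IPv6_ADDR1'
    set dns-server1 10.0.0.20
    set dns-server2 10.0.0.22
    set source-interface 'wan1'
    # 'all' accepts connections from any source address; narrow this if the
    # set of client networks is known.
    set source-address 'all'
    set source-address6 'all'
    # NOTE(review): 'web-access' is not defined on this page. Users that match no
    # authentication rule land on it, so verify it does not grant tunnel access
    # without the host check, otherwise the domain requirement is not enforced
    # for them.
    set default-portal 'web-access'
    config authentication-rule
        # Rule 2 points at portal 'test', which is not shown on this page; it does
        # not inherit the host check configured on 'domain-portal'.
        edit 2
            set groups 'Usergroup1'
            set portal 'test'
            set realm 'test'
        next
        # Rule 3 sends the domain user group to the host-checked portal.
        edit 3
            set groups 'domain-Users'
            set portal 'domain-portal'
            set realm 'domain'
        next
    end
end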
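De esta forma podemos habilitar la comprobación de dominio, o de muchos otros parámetros, para permitir o denegar la conexión de un cliente a la VPN SSL mediante FortiClient. Conviene tener en cuenta que el valor de registro comprobado es un dato local que informa el propio equipo cliente, por lo que esta comprobación es un control de postura complementario y no una prueba de identidad del equipo; conviene mantener junto a ella el certificado de cliente que ya exige la configuración anterior (`set reqclientcert enable`).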
Cómo permitir la conexión por FortiClient solo a equipos unidos a un dominio específico