
I basically just followed

http://cookbook.fortinet.com/ssl-vpn-using-web-and-tunnel-mode-54/

and it came together.

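However, while writing the SOP I also updated the client along the way, and it ended up hitting some unforeseeable errors with the antivirus (which I only confirmed later).

As a result my PC could no longer connect to the VPN, and the log said: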

"your PC does not meet the host checking requirements set by the firewall. Please check that your OS version or antivirus and firewall applications are installed and running properly or you have the right network interface. "

In short: something is wrong with your PC~

The Fortigate logs "host checked failed".

=Next up: the WTF troubleshooting=

The conclusion is that, in the last CLI section of the cookbook,

config vpn ssl web portal
  edit full-access
    set host-check av
  end

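once you take out the set line, everything works...

According to the discussion among users on the vendor's forum, this is an old problem, and nobody can say exactly what goes wrong when Forti checks the client's AV (anti-virus),

which makes it refuse the VPN (sure... you do need antivirus to be safe... but this only keeps honest people out, not the dishonest ones; I think it is superfluous).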
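
To see which SSL VPN portals in a configuration backup have a host check set, before deciding portal by portal whether to keep it, the sketch below parses the "config vpn ssl web portal" section. It is an added example, not code from the original post or from Fortinet; the sample configuration is constructed, and reporting a portal with no "set host-check" line as "none" is an assumption.

```python
import re

# Constructed sample of a FortiGate configuration backup (not from the original post).
SAMPLE_CONFIG = '''
config vpn ssl web portal
    edit "full-access"
        set host-check av
    next
    edit "web-access"
        set web-mode enable
        config bookmark-group
            edit "gui-bookmarks"
            next
        end
    next
end
config vpn ssl settings
    set port 10443
end
'''

def portal_host_checks(config_text):
    """Map each SSL VPN web portal name to its host-check value.

    Assumption: a portal without a 'set host-check' line is reported as 'none'."""
    checks, depth, in_portals, portal = {}, 0, False, None
    for line in config_text.splitlines():
        # Split into words, keeping quoted names such as "full-access" whole.
        tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if not tokens:
            continue
        cmd = tokens[0]
        if cmd == "config":
            depth += 1
            if depth == 1:
                in_portals = tokens[1:] == ["vpn", "ssl", "web", "portal"]
        elif cmd == "end":
            # 'end' closes the current block (and an open edit, as in the post's snippet).
            depth = max(depth - 1, 0)
            if depth == 0:
                in_portals, portal = False, None
        elif in_portals and depth == 1:  # skip nested blocks such as bookmark-group
            if cmd == "edit" and len(tokens) > 1:
                portal = tokens[1]
                checks.setdefault(portal, "none")
            elif cmd == "next":
                portal = None
            elif cmd == "set" and portal and tokens[1:2] == ["host-check"] and len(tokens) > 2:
                checks[portal] = tokens[2]
    return checks

if __name__ == "__main__":
    print(portal_host_checks(SAMPLE_CONFIG))
```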

 

btw, L2TP currently has no solution.... fuck off L2TP

 

 

Posted by KuoKevin on PIXNET