
SSL VPN HOST-CHECK options - Part 1

Because of the pandemic and the rise of remote work, remote access to the company has increased, creating an entry point for machines that could be compromised. In this and the following posts we will see a simple way to secure those accesses: block access that should not be allowed, and require the access that is allowed to meet certain requirements.





For SSL VPN access, Fortigate can check a series of requirements on the machine trying to connect before allowing it in:


1- An AV/FW installed (from the built-in list or a custom one)

2- OS check

3- List of MAC addresses allowed to connect

4- Check for applications running on the system

5- Check of the Windows registry for a specific key


In this first part we will see how to verify that the machine trying to connect has the Kaspersky antivirus installed (version 2.21) and that the OS is Windows; if these are not met, access is denied.


There are two parts: configuring on the Fortigate the requirements to be checked, and on the other side verifying that the machine has Kaspersky correctly installed, which is detected through the Windows Defender Security Center. Another thing to keep in mind is that the Fortinet EPP (FortiClient Endpoint) is no longer free from version 6.0 onward, so a license must be purchased to use these checks.


- FORTIGATE CONFIGURATION


In the portal, as mentioned, we enable the host-check for the Kaspersky antivirus by selecting a custom host-check, and we also enable the os-check so that only Windows 10 machines are allowed (the OS on which we registered the GUID associated with the Kaspersky antivirus), denying all the rest.


config vpn ssl web portal
    edit "full-access"
        set tunnel-mode enable
        set auto-connect enable
        set keep-alive enable
        set save-password enable
        set ip-pools "SSLVPN_TUNNEL_ADDR1"
        set split-tunneling disable
        set host-check custom
        set host-check-interval 120
        set host-check-policy "Kasperky-AV-test"
        set os-check enable
        config os-check-list "windows-2000"
            set action deny
        end
        config os-check-list "windows-7"
            set action deny
        end
        config os-check-list "windows-8"
            set action deny
        end
        config os-check-list "windows-8.1"
            set action deny
        end
        config os-check-list "windows-10"
            set action allow
        end
        config os-check-list "os-x-mavericks-10.9"
            set action deny
        end
        config os-check-list "os-x-yosemite-10.10"
            set action deny
        end
        config os-check-list "os-x-el-capitan-10.11"
            set action deny
        end
        config os-check-list "macos-sierra-10.12"
            set action deny
        end
        config os-check-list "macos-high-sierra-10.13"
            set action deny
        end
        config os-check-list "macos-mojave-10.14"
            set action deny
        end
        config os-check-list "macos-catalina-10.15"
            set action deny
        end
    next
end

We have entered the GUID of our Kaspersky install on Windows 10; later we will see how to obtain it from our machine. I am leaving several URLs with information on what a GUID (globally unique identifier) is in Windows.





config vpn ssl web host-check-software
    edit "Kasperky-AV-test"
        set os-type "windows" --> default
        set type "av" --> default
        set version "2.21" --> this version and higher
        set guid "0AB30972-4BAC-7BEE-CBCA-B8F9E68797D8"
        config check-item-list --> covered in another post
        end
    next
end

- WINDOWS 10 CONFIGURATION


Install the Kaspersky antivirus and verify that it is running


(30-day free trial)


- Antivirus with a 90-day license, running on our system.



We check whether the Windows Security Center recognizes it. This matters because, for our FortiClient to detect the antivirus, it must be recognized by the machine's Windows Defender.



Indeed, in the Windows Security Center we have our Kaspersky AV running and the Windows Defender AV that ships by default disabled.



Let's see how we obtain our GUID to configure it on the Fortigate. Open Windows PowerShell and run the following command:

gwmi -Namespace root\securitycenter2 -Class AntivirusProduct

Copy the instance GUID associated with the Kaspersky AV, as shown in the image.
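As an added example (not part of the original post), the following PowerShell function extends the gwmi command above: it queries the same root\SecurityCenter2 class, prints the instanceGuid without braces in the form the Fortigate "set guid" line expects, and decodes productState so we can see whether Security Center actually considers the product enabled. The productState decoding (hex "AABBCC", BB = 10 or 11 means enabled, CC = 00 means signatures up to date) is the commonly documented community interpretation and is an assumption, as Microsoft does not publish the format.

```powershell
# Added example, not code from the original post.
# Lists the antivirus products registered in Windows Security Center, decodes
# productState and returns the instance GUID in Fortigate host-check form.
function Get-SecurityCenterAv {
    [CmdletBinding()]
    param(
        # Substring of the product name to match, e.g. 'Kaspersky'; empty = all
        [string]$NameFilter = ''
    )
    # Same class the post queries with gwmi; Get-CimInstance is the modern equivalent
    $products = Get-CimInstance -Namespace 'root\SecurityCenter2' -ClassName 'AntivirusProduct'
    foreach ($p in $products) {
        if ($NameFilter -and ($p.displayName -notlike "*$NameFilter*")) { continue }

        # Assumption: productState read as six hex digits "AABBCC"
        #   BB = 10 / 11 -> product enabled, 00 -> disabled
        #   CC = 00      -> signatures up to date, 10 -> out of date
        $hex         = '{0:X6}' -f [int]$p.productState
        $enabledByte = $hex.Substring(2, 2)
        $updatedByte = $hex.Substring(4, 2)

        [pscustomobject]@{
            DisplayName  = $p.displayName
            # Fortigate 'set guid' takes the value without braces, upper case
            Guid         = ($p.instanceGuid -replace '[{}]', '').ToUpperInvariant()
            ProductState = $hex
            Enabled      = ($enabledByte -eq '10' -or $enabledByte -eq '11')
            UpToDate     = ($updatedByte -eq '00')
            LastUpdated  = $p.timestamp
        }
    }
}

# Only a product that Security Center reports as enabled will satisfy the
# FortiClient host check, so warn about registered-but-disabled products.
Get-SecurityCenterAv -NameFilter 'Kaspersky' | ForEach-Object {
    if (-not $_.Enabled) { Write-Warning "$($_.DisplayName) is registered but not enabled" }
    $_
} | Format-List
```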



Once all this is configured, it should let us connect. If we got something wrong, we will see the following message, indicating that some of the host-check or os-check options are not being met and access is therefore denied.



TROUBLESHOOTING


- Check the SSL VPN connection debug on the Fortigate

diag debug reset
diag debug enable
diagnose debug console timestamp enable
diag debug application fnbamd -1
diag deb app sslvpn -1
diagnose debug enable 

1- HOST-CHECK working (example of a successful connection)


2020-09-19 23:14:32 [229:root:205]allocSSLConn:289 sconn 0x551c2280 (0:root)
2020-09-19 23:14:32 [229:root:205]SSL state:before SSL initialization (192.168.50.10)
2020-09-19 23:14:32 [229:root:205]SSL state:before SSL initialization:DH lib(192.168.50.10)
2020-09-19 23:14:32 [229:root:205]SSL_accept failed, 5:(null)
2020-09-19 23:14:32 [229:root:205]Destroy sconn 0x551c2280, connSize=0. (root)
2020-09-19 23:14:32 [230:root:20b]allocSSLConn:289 sconn 0x55199280 (0:root)
2020-09-19 23:14:32 [230:root:20b]SSL state:before SSL initialization (192.168.50.10)
2020-09-19 23:14:32 [230:root:20b]SSL state:before SSL initialization (192.168.50.10)
2020-09-19 23:14:32 [230:root:20b]client cert requirement: no
2020-09-19 23:14:32 [230:root:20b]SSL state:SSLv3/TLS read client hello (192.168.50.10)
2020-09-19 23:14:32 [230:root:20b]SSL state:SSLv3/TLS write server hello (192.168.50.10)
2020-09-19 23:14:32 [230:root:20b]SSL state:SSLv3/TLS write certificate (192.168.50.10)
2020-09-19 23:14:32 [230:root:20b]SSL state:SSLv3/TLS write key exchange (192.168.50.10)
2020-09-19 23:14:32 [230:root:20b]SSL state:SSLv3/TLS write server done (192.168.50.10)
2020-09-19 23:14:32 [230:root:20b]SSL state:SSLv3/TLS write server done:system lib(192.168.50.10)
2020-09-19 23:14:32 [230:root:20b]SSL state:SSLv3/TLS write server done (192.168.50.10)
2020-09-19 23:14:32 [230:root:20b]SSL state:SSLv3/TLS read client key exchange (192.168.50.10)
2020-09-19 23:14:32 [230:root:20b]SSL state:SSLv3/TLS read change cipher spec (192.168.50.10)
2020-09-19 23:14:32 [230:root:20b]SSL state:SSLv3/TLS read finished (192.168.50.10)
2020-09-19 23:14:32 [230:root:20b]SSL state:SSLv3/TLS write session ticket (192.168.50.10)
2020-09-19 23:14:32 [230:root:20b]SSL state:SSLv3/TLS write change cipher spec (192.168.50.10)
2020-09-19 23:14:32 [230:root:20b]SSL state:SSLv3/TLS write finished (192.168.50.10)
.......
2020-09-19 23:14:32 [229:root:206]SSL state:SSLv3/TLS write server done (192.168.50.10)
2020-09-19 23:14:32 [229:root:206]SSL state:SSLv3/TLS write server done:system lib(192.168.50.10)
2020-09-19 23:14:32 [229:root:206]SSL state:SSLv3/TLS write server done (192.168.50.10)
2020-09-19 23:14:32 [229:root:206]SSL state:SSLv3/TLS read client key exchange (192.168.50.10)
2020-09-19 23:14:32 [229:root:206]SSL state:SSLv3/TLS read change cipher spec (192.168.50.10)
2020-09-19 23:14:32 [229:root:206]SSL state:SSLv3/TLS read finished (192.168.50.10)
2020-09-19 23:14:32 [229:root:206]SSL state:SSLv3/TLS write session ticket (192.168.50.10)
2020-09-19 23:14:32 [229:root:206]SSL state:SSLv3/TLS write change cipher spec (192.168.50.10)
2020-09-19 23:14:32 [229:root:206]SSL state:SSLv3/TLS write finished (192.168.50.10)
2020-09-19 23:14:32 [229:root:206]SSL state:SSL negotiation finished successfully (192.168.50.10)
2020-09-19 23:14:32 [229:root:206]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
2020-09-19 23:14:32 [229:root:206]req: /remote/logincheck
2020-09-19 23:14:32 [229:root:206]rmt_web_auth_info_parser_common:469 no session id in auth info
2020-09-19 23:14:32 [229:root:206]rmt_web_access_check:722 access failed, uri=[/remote/logincheck],ret=4103,
2020-09-19 23:14:32 [229:root:206]User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) [SV{v=01.01;}]
2020-09-19 23:14:32 [229:root:206]rmt_logincheck_cb_handler:1167 user 'iurrutxi' has a matched local entry.
2020-09-19 23:14:32 [229:root:206]sslvpn_auth_check_usrgroup:2166 forming user/group list from policy.
2020-09-19 23:14:32 [229:root:206]sslvpn_auth_check_usrgroup:2272 got user (0) group (1:0).
2020-09-19 23:14:32 [229:root:206]sslvpn_validate_user_group_list:1697 validating with SSL VPN authentication rules (1), realm ().
2020-09-19 23:14:32 [229:root:206]sslvpn_validate_user_group_list:1750 checking rule 1 cipher.
2020-09-19 23:14:32 [229:root:206]sslvpn_validate_user_group_list:1758 checking rule 1 realm.
2020-09-19 23:14:32 [229:root:206]sslvpn_validate_user_group_list:1769 checking rule 1 source intf.
2020-09-19 23:14:32 [229:root:206]sslvpn_validate_user_group_list:1808 checking rule 1 vd source intf.
2020-09-19 23:14:32 [229:root:206]sslvpn_validate_user_group_list:1923 rule 1 done, got user (0:0) group (1:0) peer group (0).
2020-09-19 23:14:32 [229:root:206]sslvpn_validate_user_group_list:2082 got user (0:0), group (1:0) peer group (0).
2020-09-19 23:14:32 [229:root:206]two factor check for iurrutxi: off
2020-09-19 23:14:32 [229:root:206]sslvpn_authenticate_user:191 authenticate user: [iurrutxi]
2020-09-19 23:14:32 [229:root:206]sslvpn_authenticate_user:198 create fam state
2020-09-19 23:14:32 [229:root:206][fam_auth_send_req_internal:405] Groups sent to FNBAM:
2020-09-19 23:14:32 [229:root:206]group_desc[0].grpname = GrupoSSL
2020-09-19 23:14:32 [229:root:206][fam_auth_send_req_internal:416] FNBAM opt = 0X100420
2020-09-19 23:14:32 local auth is done with user 'iurrutxi', ret=0
2020-09-19 23:14:32 [229:root:206]fam_auth_send_req_internal:476 fnbam_auth return: 0
2020-09-19 23:14:32 [229:root:206][fam_auth_send_req_internal:500] Authenticated groups by FNBAM:
2020-09-19 23:14:32 [229:root:206]auth_rsp_data.grp_list[0] = GrupoSSL
2020-09-19 23:14:32 [229:root:206][fam_auth_send_req_internal:568] The user iurrutxi is authenticated.
2020-09-19 23:14:32 [229:root:206]fam_do_cb:655 fnbamd return auth success.
2020-09-19 23:14:32 [229:root:206]SSL VPN login matched rule (1).
2020-09-19 23:14:32 [229:root:206]User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) [SV{v=01.01;}]
2020-09-19 23:14:32 [229:root:206]rmt_web_session_create:825 create web session, idx[0]
2020-09-19 23:14:32 [229:root:206]login_succeeded:524 redirect to hostcheck
2020-09-19 23:14:32 [229:root:206]User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) [SV{v=01.01;}]
2020-09-19 23:14:32 [229:root:206]deconstruct_session_id:426 decode session id ok, user=[iurrutxi],group=[GrupoSSL],authserver=[],portal=[full-access],host=[192.168.50.10],realm=[],idx=0,auth=1,sid=280079,login=1600550072,access=1600550072,saml_logout_url=no
........
2020-09-19 23:14:33 [230:root:20c]SSL state:SSL negotiation finished successfully (192.168.50.10)
2020-09-19 23:14:33 [230:root:20c]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
2020-09-19 23:14:33 [230:root:20c]req: /remote/hostcheck_validate
2020-09-19 23:14:33 [230:root:20c]deconstruct_session_id:426 decode session id ok, user=[iurrutxi],group=[GrupoSSL],authserver=[],portal=[full-access],host=[192.168.50.10],realm=[],idx=0,auth=1,sid=280079,login=1600550072,access=1600550072,saml_logout_url=no
2020-09-19 23:14:33 [230:root:20c]User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) [SV{v=01.01;}]
2020-09-19 23:14:33 [230:root:20c]deconstruct_session_id:426 decode session id ok, user=[iurrutxi],group=[GrupoSSL],authserver=[],portal=[full-access],host=[192.168.50.10],realm=[],idx=0,auth=1,sid=280079,login=1600550072,access=1600550072,saml_logout_url=no
2020-09-19 23:14:33 [230:root:20c]host check result:4 0100,10.0.17763,00:0c:29:5b:37:46|00:ff:8a:b7:72:d9
2020-09-19 23:14:33 [230:root:20c]deconstruct_session_id:426 decode session id ok, user=[iurrutxi],group=[GrupoSSL],authserver=[],portal=[full-access],host=[192.168.50.10],realm=[],idx=0,auth=1,sid=280079,login=1600550072,access=1600550072,saml_logout_url=no
2020-09-19 23:14:33 [230:root:20c]deconstruct_session_id:426 decode session id ok, user=[iurrutxi],group=[GrupoSSL],authserver=[],portal=[full-access],host=[192.168.50.10],realm=[],idx=0,auth=1,sid=280079,login=1600550072,access=1600550072,saml_logout_url=no
2020-09-19 23:14:33 [229:root:206]sslvpn_read_request_common,649, ret=-1 error=-1, sconn=0x55216280.
2020-09-19 23:14:33 [229:root:206]Destroy sconn 0x55216280, connSize=0. (root)
.......
2020-09-19 23:14:33 [228:root:209]req: /remote/fortisslvpn
2020-09-19 23:14:33 [228:root:209]deconstruct_session_id:426 decode session id ok, user=[iurrutxi],group=[GrupoSSL],authserver=[],portal=[full-access],host=[192.168.50.10],realm=[],idx=0,auth=1,sid=280079,login=1600550072,access=1600550072,saml_logout_url=no
2020-09-19 23:14:33 [228:root:209]deconstruct_session_id:426 decode session id ok, user=[iurrutxi],group=[GrupoSSL],authserver=[],portal=[full-access],host=[192.168.50.10],realm=[],idx=0,auth=1,sid=280079,login=1600550072,access=1600550072,saml_logout_url=no
2020-09-19 23:14:33 [228:root:209]User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) [SV{v=01.01;}]
2020-09-19 23:14:33 [230:root:20c]sslvpn_read_request_common,649, ret=-1 error=-1, sconn=0x55199280.
2020-09-19 23:14:33 [230:root:20c]Destroy sconn 0x55199280, connSize=0. (root)
2020-09-19 23:14:33 [229:root:207]allocSSLConn:289 sconn 0x551d1280 (0:root)

.........
2020-09-19 23:14:33 [229:root:207]req: /remote/fortisslvpn_xml
2020-09-19 23:14:33 [229:root:207]deconstruct_session_id:426 decode session id ok, user=[iurrutxi],group=[GrupoSSL],authserver=[],portal=[full-access],host=[192.168.50.10],realm=[],idx=0,auth=1,sid=280079,login=1600550072,access=1600550072,saml_logout_url=no
2020-09-19 23:14:33 [229:root:207]deconstruct_session_id:426 decode session id ok, user=[iurrutxi],group=[GrupoSSL],authserver=[],portal=[full-access],host=[192.168.50.10],realm=[],idx=0,auth=1,sid=280079,login=1600550072,access=1600550072,saml_logout_url=no
.......
2020-09-19 23:14:35 [230:root:20d]sslvpn_tunnel_handler,148, Calling tunnel.
2020-09-19 23:14:35 [230:root:20d]tunnelEnter:422 0x55199280:0x551a4000 sslvpn user[iurrutxi],type 1,logintime 0 vd 0
2020-09-19 23:14:35 [230:root:20d]sconn 0x55199280 (0:root) vfid=0 local=[212.81.209.10] remote=[192.168.50.10] dynamicip=[10.254.254.100]
2020-09-19 23:14:35 [230:root:20d]Prepare to launch ppp service...
2020-09-19 23:14:35 [230:root:20d]tun: ppp 0x551c4000 dev (ssl.root) opened fd 37
2020-09-19 23:14:35 [230:root:0]RCV: LCP Configure_Request id(1) len(14) [Maximum_Received_Unit 1354] [Magic_Number 45492277]
2020-09-19 23:14:35 [230:root:0]SND: LCP Configure_Request id(1) len(10) [Magic_Number 942CF56C]
2020-09-19 23:14:35 [230:root:0]lcp_reqci: returning CONFACK.
2020-09-19 23:14:35 [230:root:0]SND: LCP Configure_Ack id(1) len(14) [Maximum_Received_Unit 1354] [Magic_Number 45492277]
2020-09-19 23:14:35 [230:root:0]RCV: LCP Configure_Ack id(1) len(10) [Magic_Number 942CF56C]
2020-09-19 23:14:35 [230:root:0]lcp_up: with mtu 1354
2020-09-19 23:14:35 [230:root:0]SND: IPCP Configure_Request id(1) [IP_Address 212.81.209.10]
2020-09-19 23:14:35 [230:root:0]RCV: IPCP Configure_Request id(0) [IP_Address 0.0.0.0] [Primary_DNS_IP_Address 0.0.0.0] [Secondary_DNS_IP_Address 0.0.0.0]
2020-09-19 23:14:35 [230:root:0]ipcp: returning Configure-NAK
2020-09-19 23:14:35 [230:root:0]SND: IPCP Configure_Nak id(0) [IP_Address 10.254.254.100] [Primary_DNS_IP_Address 194.30.6.1] [Secondary_DNS_IP_Address 194.30.6.2]
2020-09-19 23:14:35 [230:root:0]RCV: IPCP Configure_Ack id(1) [IP_Address 212.81.209.10]
2020-09-19 23:14:35 [230:root:0]RCV: IPCP Configure_Request id(1) [IP_Address 10.254.254.100] [Primary_DNS_IP_Address 8.8.8.8] [Secondary_DNS_IP_Address 194.30.6.2]
2020-09-19 23:14:35 [230:root:0]ipcp: returning Configure-ACK
2020-09-19 23:14:35 [230:root:0]SND: IPCP Configure_Ack id(1) [IP_Address 10.254.254.100] [Primary_DNS_IP_Address 194.30.6.1] [Secondary_DNS_IP_Address 194.30.6.2]
2020-09-19 23:14:35 [230:root:0]ipcp: up ppp:0x551c4000 caller:0x55199280 tun:37
2020-09-19 23:14:35 [230:root:0]Cannot determine ethernet address for proxy ARP
2020-09-19 23:14:35 [230:root:0]local  IP address 212.81.209.10
2020-09-19 23:14:35 [230:root:0]remote IP address 10.254.254.100
2020-09-19 23:14:35 [230:root:20d]sslvpn_ppp_associate_fd_to_ipaddr:281 associate 10.254.254.100 to tun (ssl.root:37)
2020-09-19 23:14:40 [229:root:207]sslvpn_read_request_common,649, ret=-1 error=-1, sconn=0x551d1280.
2020-09-19 23:14:40 [229:root:207]Destroy sconn 0x551d1280, connSize=0. (root)
2020-09-19 23:14:40 [228:root:209]sslvpn_read_request_common,649, ret=-1 error=-1, sconn=0x55199280.
2020-09-19 23:14:40 [228:root:209]Destroy sconn 0x55199280, connSize=0. (root)

2- HOST CHECK FAILED (example of a failed connection)

2020-09-19 23:11:58 [230:root:0]total sslvpn policy count: 2
2020-09-19 23:11:58 [229:root:0]total sslvpn policy count: 2
2020-09-19 23:11:58 [166:root:0]total sslvpn policy count: 2
2020-09-19 23:11:58 [228:root:0]total sslvpn policy count: 2
2020-09-19 23:12:14 [229:root:203]allocSSLConn:289 sconn 0x55199280 (0:root)
2020-09-19 23:12:14 [229:root:203]SSL state:before SSL initialization (192.168.50.10)
2020-09-19 23:12:14 [229:root:203]SSL state:before SSL initialization:DH lib(192.168.50.10)
2020-09-19 23:12:14 [229:root:203]SSL_accept failed, 5:(null)
2020-09-19 23:12:14 [229:root:203]Destroy sconn 0x55199280, connSize=0. (root)
2020-09-19 23:12:14 [230:root:209]allocSSLConn:289 sconn 0x55199280 (0:root)
2020-09-19 23:12:14 [230:root:209]SSL state:before SSL initialization (192.168.50.10)
2020-09-19 23:12:14 [230:root:209]SSL state:before SSL initialization (192.168.50.10)
......
2020-09-19 23:12:14 [228:root:206]SSL state:SSLv3/TLS write change cipher spec (192.168.50.10)
2020-09-19 23:12:14 [228:root:206]SSL state:SSLv3/TLS write finished (192.168.50.10)
2020-09-19 23:12:14 [228:root:206]SSL state:SSL negotiation finished successfully (192.168.50.10)
2020-09-19 23:12:14 [228:root:206]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
2020-09-19 23:12:14 [228:root:206]req: /remote/login
2020-09-19 23:12:14 [228:root:206]rmt_web_auth_info_parser_common:469 no session id in auth info
2020-09-19 23:12:14 [228:root:206]rmt_web_get_access_cache:803 invalid cache, ret=4103
2020-09-19 23:12:14 [228:root:206]User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) [SV{v=01.01;}]
2020-09-19 23:12:14 [228:root:206]get_cust_page:129 saml_info 0
2020-09-19 23:12:14 [230:root:209]sslvpn_read_request_common,649, ret=-1 error=-1, sconn=0x55199280.
2020-09-19 23:12:14 [230:root:209]Destroy sconn 0x55199280, connSize=0. (root)
2020-09-19 23:12:14 [229:root:204]allocSSLConn:289 sconn 0x5519a280 (0:root)
2020-09-19 23:12:14 [229:root:204]SSL state:before SSL initialization (192.168.50.10)
2020-09-19 23:12:14 [229:root:204]SSL state:before SSL initialization (192.168.50.10)
2020-09-19 23:12:14 [229:root:204]client cert requirement: no
2020-09-19 23:12:14 [229:root:204]SSL state:SSLv3/TLS read client hello (192.168.50.10)
2020-09-19 23:12:14 [229:root:204]SSL state:SSLv3/TLS write server hello (192.168.50.10)
2020-09-19 23:12:14 [229:root:204]SSL state:SSLv3/TLS write certificate (192.168.50.10)
2020-09-19 23:12:14 [229:root:204]SSL state:SSLv3/TLS write key exchange (192.168.50.10)
2020-09-19 23:12:14 [229:root:204]SSL state:SSLv3/TLS write server done (192.168.50.10)
2020-09-19 23:12:14 [229:root:204]SSL state:SSLv3/TLS write server done:system lib(192.168.50.10)
2020-09-19 23:12:14 [229:root:204]SSL state:SSLv3/TLS write server done (192.168.50.10)
2020-09-19 23:12:14 [229:root:204]SSL state:SSLv3/TLS read client key exchange (192.168.50.10)
2020-09-19 23:12:14 [229:root:204]SSL state:SSLv3/TLS read change cipher spec (192.168.50.10)
2020-09-19 23:12:14 [229:root:204]SSL state:SSLv3/TLS read finished (192.168.50.10)
2020-09-19 23:12:14 [229:root:204]SSL state:SSLv3/TLS write session ticket (192.168.50.10)
2020-09-19 23:12:14 [229:root:204]SSL state:SSLv3/TLS write change cipher spec (192.168.50.10)
2020-09-19 23:12:14 [229:root:204]SSL state:SSLv3/TLS write finished (192.168.50.10)
2020-09-19 23:12:14 [229:root:204]SSL state:SSL negotiation finished successfully (192.168.50.10)
2020-09-19 23:12:14 [229:root:204]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
2020-09-19 23:12:14 [229:root:204]req: /remote/logincheck
2020-09-19 23:12:14 [229:root:204]rmt_web_auth_info_parser_common:469 no session id in auth info
2020-09-19 23:12:14 [229:root:204]rmt_web_access_check:722 access failed, uri=[/remote/logincheck],ret=4103,
2020-09-19 23:12:14 [229:root:204]User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) [SV{v=01.01;}]
2020-09-19 23:12:14 [229:root:204]rmt_logincheck_cb_handler:1167 user 'iurrutxi' has a matched local entry.
2020-09-19 23:12:14 [229:root:204]sslvpn_auth_check_usrgroup:2166 forming user/group list from policy.
2020-09-19 23:12:14 [229:root:204]sslvpn_auth_check_usrgroup:2272 got user (0) group (1:0).
2020-09-19 23:12:14 [229:root:204]sslvpn_validate_user_group_list:1697 validating with SSL VPN authentication rules (1), realm ().
2020-09-19 23:12:14 [229:root:204]sslvpn_validate_user_group_list:1750 checking rule 1 cipher.
2020-09-19 23:12:14 [229:root:204]sslvpn_validate_user_group_list:1758 checking rule 1 realm.
2020-09-19 23:12:14 [229:root:204]sslvpn_validate_user_group_list:1769 checking rule 1 source intf.
2020-09-19 23:12:14 [229:root:204]sslvpn_validate_user_group_list:1808 checking rule 1 vd source intf.
2020-09-19 23:12:14 [229:root:204]sslvpn_validate_user_group_list:1923 rule 1 done, got user (0:0) group (1:0) peer group (0).
2020-09-19 23:12:14 [229:root:204]sslvpn_validate_user_group_list:2082 got user (0:0), group (1:0) peer group (0).
2020-09-19 23:12:14 [229:root:204]two factor check for iurrutxi: off
2020-09-19 23:12:14 [229:root:204]sslvpn_authenticate_user:191 authenticate user: [iurrutxi]
2020-09-19 23:12:14 [229:root:204]sslvpn_authenticate_user:198 create fam state
2020-09-19 23:12:14 [229:root:204][fam_auth_send_req_internal:405] Groups sent to FNBAM:
2020-09-19 23:12:14 [229:root:204]group_desc[0].grpname = GrupoSSL
2020-09-19 23:12:14 [229:root:204][fam_auth_send_req_internal:416] FNBAM opt = 0X100420
2020-09-19 23:12:14 local auth is done with user 'iurrutxi', ret=0
2020-09-19 23:12:14 [229:root:204]fam_auth_send_req_internal:476 fnbam_auth return: 0
2020-09-19 23:12:14 [229:root:204][fam_auth_send_req_internal:500] Authenticated groups by FNBAM:
2020-09-19 23:12:14 [229:root:204]auth_rsp_data.grp_list[0] = GrupoSSL
2020-09-19 23:12:14 [229:root:204][fam_auth_send_req_internal:568] The user iurrutxi is authenticated.
2020-09-19 23:12:14 [229:root:204]fam_do_cb:655 fnbamd return auth success.
2020-09-19 23:12:14 [229:root:204]SSL VPN login matched rule (1).
2020-09-19 23:12:14 [229:root:204]User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) [SV{v=01.01;}]
2020-09-19 23:12:14 [229:root:204]rmt_web_session_create:825 create web session, idx[0]
2020-09-19 23:12:14 [229:root:204]login_succeeded:524 redirect to hostcheck
2020-09-19 23:12:14 [229:root:204]User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) [SV{v=01.01;}]
2020-09-19 23:12:14 [229:root:204]deconstruct_session_id:426 decode session id ok, user=[iurrutxi],group=[GrupoSSL],authserver=[],portal=[full-access],host=[192.168.50.10],realm=[],idx=0,auth=1,sid=669faf82,login=1600549934,access=1600549934,saml_logout_url=no
....
2020-09-19 23:12:15 [230:root:20a]SSL state:before SSL initialization (192.168.50.10)
2020-09-19 23:12:15 [230:root:20a]client cert requirement: no
2020-09-19 23:12:15 [230:root:20a]SSL state:SSLv3/TLS read client hello (192.168.50.10)
2020-09-19 23:12:15 [230:root:20a]SSL state:SSLv3/TLS write server hello (192.168.50.10)
2020-09-19 23:12:15 [230:root:20a]SSL state:SSLv3/TLS write certificate (192.168.50.10)
2020-09-19 23:12:15 [230:root:20a]SSL state:SSLv3/TLS write key exchange (192.168.50.10)
2020-09-19 23:12:15 [230:root:20a]SSL state:SSLv3/TLS write server done (192.168.50.10)
2020-09-19 23:12:15 [230:root:20a]SSL state:SSLv3/TLS write server done:system lib(192.168.50.10)
2020-09-19 23:12:15 [230:root:20a]SSL state:SSLv3/TLS write server done (192.168.50.10)
2020-09-19 23:12:15 [230:root:20a]SSL state:SSLv3/TLS read client key exchange (192.168.50.10)
2020-09-19 23:12:15 [230:root:20a]SSL state:SSLv3/TLS read change cipher spec (192.168.50.10)
2020-09-19 23:12:15 [230:root:20a]SSL state:SSLv3/TLS read finished (192.168.50.10)
2020-09-19 23:12:15 [230:root:20a]SSL state:SSLv3/TLS write session ticket (192.168.50.10)
2020-09-19 23:12:15 [230:root:20a]SSL state:SSLv3/TLS write change cipher spec (192.168.50.10)
2020-09-19 23:12:15 [230:root:20a]SSL state:SSLv3/TLS write finished (192.168.50.10)
2020-09-19 23:12:15 [230:root:20a]SSL state:SSL negotiation finished successfully (192.168.50.10)
2020-09-19 23:12:15 [230:root:20a]SSL established: TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384
2020-09-19 23:12:15 [230:root:20a]req: /remote/hostcheck_validate
2020-09-19 23:12:15 [230:root:20a]deconstruct_session_id:426 decode session id ok, user=[iurrutxi],group=[GrupoSSL],authserver=[],portal=[full-access],host=[192.168.50.10],realm=[],idx=0,auth=1,sid=669faf82,login=1600549934,access=1600549934,saml_logout_url=no
2020-09-19 23:12:15 [230:root:20a]User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) [SV{v=01.01;}]
2020-09-19 23:12:15 [230:root:20a]deconstruct_session_id:426 decode session id ok, user=[iurrutxi],group=[GrupoSSL],authserver=[],portal=[full-access],host=[192.168.50.10],realm=[],idx=0,auth=1,sid=669faf82,login=1600549934,access=1600549934,saml_logout_url=no
2020-09-19 23:12:15 [230:root:20a]host check result:4 0000,10.0.17763,00:0c:29:5b:37:46|00:ff:8a:b7:72:d9
2020-09-19 23:12:15 [230:root:20a]rmt_hcvalidate_cb_handler:403 hostcheck validation failed
2020-09-19 23:12:15 [230:root:20a]deconstruct_session_id:426 decode session id ok, user=[iurrutxi],group=[GrupoSSL],authserver=[],portal=[full-access],host=[192.168.50.10],realm=[],idx=0,auth=1,sid=669faf82,login=1600549934,access=1600549934,saml_logout_url=no
....
2020-09-19 23:12:15 [228:root:207]req: /FortiClientSslvpnClearCacheUrl/for/Wini
2020-09-19 23:12:15 [228:root:207]def: (nil) /FortiClientSslvpnClearCacheUrl/for/WininetLibrary/1/2/3/4/5/6/7/8/9/0/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t
2020-09-19 23:12:17 [230:root:20a]rmt_check_conn_session:2157 delete connection 0x55199280 w/ web session 0
2020-09-19 23:12:17 [230:root:20a]Destroy sconn 0x55199280, connSize=0. (root)
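As an added example (not code from the original post or from Fortinet), this PowerShell function summarises a saved "diag debug application sslvpn -1" capture per SSL VPN session, so the host-check outcome for each user is visible at a glance instead of reading through the whole trace. Lines are correlated through the [pid:vdom:conn] tag FortiOS prints on every line; the sample input is constructed from the two captures above, and the meaning of the four-digit flags after "host check result" is not documented in the post, so they are reported as-is.

```powershell
# Added example, not code from the original post.
# Correlates 'decode session id ok', 'host check result' and
# 'hostcheck validation failed' lines of the sslvpn debug by connection tag.
function Get-SslVpnHostCheckSummary {
    param([Parameter(Mandatory)][string[]]$Lines)

    $tagRe     = '^\S+ \S+ \[(?<tag>[^\]]+)\]'
    $sessionRe = 'decode session id ok, user=\[(?<user>[^\]]*)\],group=\[(?<group>[^\]]*)\],.*?portal=\[(?<portal>[^\]]*)\],host=\[(?<host>[^\]]*)\],.*?sid=(?<sid>[0-9a-f]+)'
    $resultRe  = 'host check result:(?<code>\d+) (?<flags>\d{4}),(?<os>[^,]+),(?<macs>\S+)'

    $sessions  = [ordered]@{}   # sid -> per-session summary
    $connToSid = @{}            # [pid:vdom:conn] tag -> sid seen on that connection

    foreach ($line in $Lines) {
        if ($line -notmatch $tagRe) { continue }   # e.g. 'local auth is done' has no tag
        $tag = $Matches.tag

        if ($line -match $sessionRe) {
            $sid = $Matches.sid
            $connToSid[$tag] = $sid
            if (-not $sessions.Contains($sid)) {
                $sessions[$sid] = [ordered]@{
                    Sid = $sid; User = $Matches.user; Group = $Matches.group
                    Portal = $Matches.portal; ClientIp = $Matches.host
                    Flags = $null; OsVersion = $null; Macs = @()
                    HostCheck = 'not reported'
                }
            }
        }
        elseif ($line -match $resultRe -and $connToSid.ContainsKey($tag)) {
            # Flags were 0100 in the working capture and 0000 in the failed one;
            # their bit meaning is not known from the post, so keep them verbatim.
            $s = $sessions[$connToSid[$tag]]
            $s.Flags     = $Matches.flags
            $s.OsVersion = $Matches.os
            $s.Macs      = $Matches.macs -split '\|'
            $s.HostCheck = 'no failure logged'
        }
        elseif ($line -match 'hostcheck validation failed' -and $connToSid.ContainsKey($tag)) {
            $sessions[$connToSid[$tag]].HostCheck = 'FAILED'
        }
    }
    foreach ($s in $sessions.Values) { [pscustomobject]$s }
}

# Constructed sample: a few lines copied from the two captures in this post.
$sample = @'
2020-09-19 23:14:33 [230:root:20c]req: /remote/hostcheck_validate
2020-09-19 23:14:33 [230:root:20c]deconstruct_session_id:426 decode session id ok, user=[iurrutxi],group=[GrupoSSL],authserver=[],portal=[full-access],host=[192.168.50.10],realm=[],idx=0,auth=1,sid=280079,login=1600550072,access=1600550072,saml_logout_url=no
2020-09-19 23:14:33 [230:root:20c]host check result:4 0100,10.0.17763,00:0c:29:5b:37:46|00:ff:8a:b7:72:d9
2020-09-19 23:12:15 [230:root:20a]deconstruct_session_id:426 decode session id ok, user=[iurrutxi],group=[GrupoSSL],authserver=[],portal=[full-access],host=[192.168.50.10],realm=[],idx=0,auth=1,sid=669faf82,login=1600549934,access=1600549934,saml_logout_url=no
2020-09-19 23:12:15 [230:root:20a]host check result:4 0000,10.0.17763,00:0c:29:5b:37:46|00:ff:8a:b7:72:d9
2020-09-19 23:12:15 [230:root:20a]rmt_hcvalidate_cb_handler:403 hostcheck validation failed
'@ -split "`r?`n"

# Real use: Get-Content .\sslvpn-debug.txt | Get-SslVpnHostCheckSummary
Get-SslVpnHostCheckSummary -Lines $sample |
    Format-Table Sid, User, Portal, ClientIp, OsVersion, Flags, HostCheck
```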

If we are still having problems, we can also download the log file generated by FortiClient.


This is the message FortiClient shows on Mac OS X.



As mentioned earlier, since version 6.0 FortiClient is no longer free; to use these features a subscription must be purchased.


In the next posts we will see how to control access by MAC address, running application, and system registry key.


I hope you liked it.



©2020 by SecuriBlog. Created by i.urrutxi@gmail.com
