CONFIG HOSTCHECKING UPDATE

Level

vpn,modify

History

Appears in 4.8.0
ClientVersion appears in 4.8.1
OsVersionWin10VersionInterval becomes OsVersionWin10VersionRange in 4.8.1
OsVersionWin11VersionInterval becomes OsVersionWin11VersionRange in 4.8.1

Description

Update the host checking configuration.

Usage

[State=<0|1>] : Enable (1) or disable (0) the host checking feature. When enabled, at least one verification criterion must be enabled.
[Optional=<0|1>] : Make the host checking optional. This allows users using clients that do not support host checking (old Stormshield clients or non-Stormshield clients) to connect without host checking. Enabling this reduces the security level.
[OsVersionState=<0|1>] : Enable (1) or disable (0) the host OS version verification. When enabled, only hosts whose build number falls within a specified range are allowed to connect, and at least one range must be provided in OsVersionWin10VersionRange/OsVersionWin11VersionRange.
[OsVersionWin10VersionRange=<build_number_min[,build_number_max]>] : Range of allowed Windows 10 build numbers. Build numbers range from 10000 to 99999.
[OsVersionWin11VersionRange=<build_number_min[,build_number_max]>] : Range of allowed Windows 11 build numbers. Build numbers range from 20000 to 99999.
[ClientVersionState=<0|1>] : Enable (1) or disable (0) the SSL VPN client version verification. When enabled, only clients whose version falls within the specified range are allowed to connect, and a range must be provided in ClientVersionRange.
[ClientVersionRange=<version_min[,version_max]>] : Range of allowed SSL VPN client versions. Versions follow the major.minor.bugfix format.
[AntivirusState=<0|1>] : Enable (1) or disable (0) the host antivirus verification. When enabled, only allows hosts whose antivirus is enabled and up to date to connect.
[MachineDomainState=<0|1>] : Enable (1) or disable (0) host machine domain verification. When enabled, only hosts whose machine domain is in the specified list are allowed to connect, and a domain name must be specified in MachineDomainNameList.
[MachineDomainNameList=<[domain_name_0,domain_name_n,...]>] : List of allowed machine domains. domain_name must be compliant with DNS Active Directory format.
[LocalFirewallState=<0|1>] : Enable (1) or disable (0) host local firewall verification. When enabled, only allows hosts whose local firewall is enabled to connect.
[LocalSESState=<0|1>] : Enable (1) or disable (0) host SES verification. When enabled, only allows hosts that have Stormshield Endpoint Security enabled and active to connect.
[UserDomainState=<0|1>] : Enable (1) or disable (0) host user domain verification. When enabled, only hosts whose currently logged-in user's domain is in the specified list are allowed to connect. When enabled, at least one domain must be specified in UserDomainNameList, unless MachineDomainState is enabled, in which case an empty list matches any non-empty value sent by the Stormshield VPN SSL client for the user domain name.
[UserDomainNameList=<[domain_name_0,domain_name_n,...]>] : List of allowed user domains. domain_name must be compliant with DNS Active Directory format.
[BlockAdminUserState=<0|1>] : Enable (1) or disable (0) host admin user verification. When enabled, only allows host users that do not have admin rights to connect.

Example

CONFIG HOSTCHECKING UPDATE State=0
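
A pre-flight check for the constraints in the Usage list above, as an added example (not Stormshield code): it parses a command line and reports the parameter combinations that the list describes as invalid, plus a warning for Optional=1. The helper names, the reading of "Name" as MachineDomainNameList and the sample values are assumptions.

```python
import re

# Token names and rules come from the Usage list above. Assumptions: `params` is the
# complete intended configuration, and every *State token except State is a criterion.
CRITERIA = ("OsVersionState", "ClientVersionState", "AntivirusState", "MachineDomainState",
            "LocalFirewallState", "LocalSESState", "UserDomainState", "BlockAdminUserState")
BUILD_LIMITS = {"OsVersionWin10VersionRange": (10000, 99999),
                "OsVersionWin11VersionRange": (20000, 99999)}
PREFIX = "CONFIG HOSTCHECKING UPDATE"

def parse_line(line):
    """Split 'CONFIG HOSTCHECKING UPDATE Key=value ...' into a dict of tokens."""
    if not line.upper().startswith(PREFIX):
        raise ValueError("not a CONFIG HOSTCHECKING UPDATE command")
    return dict(token.split("=", 1) for token in line[len(PREFIX):].split())

def lint(params):
    """Return (errors, warnings) for one host checking parameter set."""
    errors, warnings = [], []
    on = lambda key: params.get(key) == "1"
    if on("State") and not any(on(c) for c in CRITERIA):
        errors.append("State=1 needs at least one enabled criterion")
    if on("Optional"):
        warnings.append("Optional=1 admits clients that skip host checking")
    for key, (low, high) in BUILD_LIMITS.items():
        builds = params[key].split(",") if key in params else []
        if len(builds) > 2 or not all(b.isdecimal() and low <= int(b) <= high for b in builds):
            errors.append(f"{key}: expected min[,max] within {low}-{high}")
    if on("OsVersionState") and not any(params.get(k) for k in BUILD_LIMITS):
        errors.append("OsVersionState=1 needs a Win10 or Win11 build range")
    versions = params["ClientVersionRange"].split(",") if "ClientVersionRange" in params else []
    if len(versions) > 2 or not all(re.fullmatch(r"\d+\.\d+\.\d+", v) for v in versions):
        errors.append("ClientVersionRange: expected major.minor.bugfix[,major.minor.bugfix]")
    if on("ClientVersionState") and not versions:
        errors.append("ClientVersionState=1 needs ClientVersionRange")
    if on("MachineDomainState") and not params.get("MachineDomainNameList"):
        errors.append("MachineDomainState=1 needs MachineDomainNameList")
    if on("UserDomainState") and not (params.get("UserDomainNameList") or on("MachineDomainState")):
        errors.append("UserDomainState=1 needs UserDomainNameList unless MachineDomainState=1")
    return errors, warnings

# Constructed sample commands (values are illustrative, not from the page).
SAMPLES = [
    "CONFIG HOSTCHECKING UPDATE State=1 OsVersionState=1 OsVersionWin10VersionRange=9000",
    "CONFIG HOSTCHECKING UPDATE State=1 Optional=1 ClientVersionState=1 ClientVersionRange=4.0.2,4.0.9 UserDomainState=1",
    "CONFIG HOSTCHECKING UPDATE State=1 MachineDomainState=1 MachineDomainNameList=corp.example.com UserDomainState=1",
]
if __name__ == "__main__":
    for sample in SAMPLES: print(sample, "->", lint(parse_line(sample)))
```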