*제약사항
(1) SSLVPN는,  forticlient v5.2만 가능(v5.4이상 연결안됨) 
(2) Endpoint Control는 5.4이상(v5.6 포함)에서 지원
*테스트결과
[외부접속 : SSLVPN - Host Check Software]
1-0. 환경 : FortiClient v5.2.6.0664
1-1. 단일설정 (3rd party체크프로그램으로 KakaoTalk.exe로 테스트)
config vpn ssl web host-check-software
    edit "KakaoTalk-2.5.6.1543"
        set type fw
        set version "2.5.6.1543"
        config check-item-list
            edit 1
                set type process
                set target "KakaoTalk.exe"
                set version "2.5.6.1543"
                set md5s "62765EA78EABD95DC986EC285165EB7C"
            next
        end
    next
end
config vpn ssl web portal
    edit "NICS-SSLVPN"
        set tunnel-mode enable
        set host-check custom
        set auto-connect enable
        set keep-alive enable
        set save-password enable
        set ip-pools "SSLVPN_192.168.221.[100-200]"
        set split-tunneling disable
        set host-check-policy "KakaoTalk-2.5.6.1543"
    next
end
1-2. 복합설정 (KakaoTalk.exe와 V3Lite.exe 모두 실행해야 만족 - AND조건)
config vpn ssl web host-check-software
    edit "NICSTECH"
        set type fw
        config check-item-list
            edit 1
                set type process
                set target "V3Lite.exe"
                set version "3.0.1.181"
                set md5s "8712E59F299F740DD0B5931788DB94EB"
            next
            edit 2
                set type process
                set target "KakaoTalk.exe"
                set version "2.5.6.1543"
                set md5s "62765EA78EABD95DC986EC285165EB7C"
            next
        end
    next
end
config vpn ssl web portal
    edit "NICS-SSLVPN"
        set tunnel-mode enable
        set host-check custom
        set auto-connect enable
        set keep-alive enable
        set save-password enable
        set ip-pools "SSLVPN_192.168.221.[100-200]"
        set split-tunneling disable
        set host-check-policy "NICSTECH"
    next
end
2-1. 테스트결과 (해당 파일 미동작시 : KakaoTalk.exe)

2-1. 단일테스트 (해당파일 동작시 : KakaoTalk.exe)


[내부접속 : endpoint-control profile]
1-0. 환경 : FortiClient v5.4.3.0870 / v5.6.0.1075 + FortiGate 5.4.5
1-1. 설정 (3rd party체크프로그램으로 KakaoTalk.exe로 테스트)
config endpoint-control profile
    edit "default"
        config forticlient-winmac-settings
            config forticlient-running-app
                edit 1
                    set app-name "KakaoTalk-2.5.6.1543"
                    set process-name "KakaoTalk.exe"
                    set app-sha256-signature "D3B4DEB0CAB4DE483CA7769CFC5289DCBBF30502626E15DE4A32B50E9F3287F5"
                next
            end
            set forticlient-log-upload disable
            set forticlient-vuln-scan disable
        end
        config forticlient-android-settings
        end
        config forticlient-ios-settings
        end
    next
end

2. 테스트 (compliance-action의 설정에 따른 변화)
FortiGate-VM64 # config endpoint-control profile
FortiGate-VM64 (profile) # edit default
FortiGate-VM64 (default) # config forticlient-winmac-settings
FortiGate-VM64 (forticlient-winm~ngs) # set compliance-action
block          Block.
warning        Warning.
auto-update    Auto update.
2-1. Compliance action=auto-update시해당 요소를 자동 다운로드하여 업데이트


2-2. Compliance action=block 및 warning시, 차단팝업 및 로그 알림
(가) Compliance에 맞지 않는 경우(KakaoTalk.exe미실행)