Technical Tip: How to add more than one server in ZTNA TCP forwarding
| Description | This article describes how to add more than one server in ZTNA TCP forwarding. |
| Scope | FortiGate ZTNA. |
| Solution | To add more than one server in ZTNA TCP forwarding using the FortiGate GUI, selecting 'Create New' will show the 'TCP forwarding' service as disabled.
This is an expected behavior. To add more than one TCP Forwarding Server, create it via the CLI.
Create a new firewall address object using the IP address of the destination server.
config firewall address edit linux-b set subnet 172.31.255.2 255.255.255.255 next end
After creating the firewall address object, add this new object as a new realserver in the ZTNA Server object.
config firewall access-proxy edit "ztna_server" config api-gateway edit 1 config realservers edit 0 set address "linux-b" set mappedport 22 next end end end After this, the new address object will be available in TCP forwarding.  |