bfig90
Explorer
November 5, 2024
Question

Zero Trust Fabric Agent with proxy


Hello everyone,

In our environment we have BYOD and domain devices.

For the BYOD devices, the connection of the Zero Trust Fabric Agent with EMS is perfectly fine.

But we do have problems with the domain devices. Is there a way to tell the Zero Trust Fabric Agent to bypass the proxy that the endpoints have on their regedit?

#FortiClient EMS #ZeroTrustFabricAgent

1 reply

AEK
SuperUser
November 5, 2024

Hello

If I understand your request, you want the domain devices not to use the ZTNA proxy. In that case you just need to create different policies, one for domain devices and one for others.

Then the policy for the domain devices should have ZTNA profile disabled.

AEK
bfig90 (Author)
Explorer
November 14, 2024

My request is not related to ZTNA but to FortiClient.exe itself running on users' endpoints. I managed to solve this with a workaround, using the proxy bypass in regedit and telling it to bypass (proxy override) the following: C:\Program Files\Fortinet\FortiClient\FortiTray.exe

Hatibi
Staff & Editor
November 14, 2024

You can use ZTNA IP/MAC based access control for your internal domain PCs.

This mode does not require the use of the access proxy, and only uses security posture tags for access control.

https://docs.fortinet.com/document/fortigate/7.4.5/administration-guide/477578/ztna-ip-mac-based-access-control-example