Description | This article describes how to implement ZTNA Destination in FortiClient EMS for ZTNA TCP forwarding. |
Scope | FortiOS, FortiClient, FortiClient EMS. |
Solution |
Starting with v7.0.4 and FortiClient v7.0.3, it is possible to leverage ZTNA TCP Forwarding Access Proxy rules to connect to internal resources without needing a VPN connection.
The ZTNA Destination in this article is configured in FortiClient EMS instead of through the FortiClient settings described in the administration guide below. The display format of ZTNA Destination in the FortiClient EMS GUI differs between 7.0 and 7.2, so this article provides example configurations for each version.
Administration guide: ZTNA TCP forwarding access proxy example
The topology is as below:
To create a ZTNA Destination in FortiClient EMS v7.0:
To create a ZTNA Destination in FortiClient EMS v7.2:
6. Select Add.
7. Set the Private Application Name to SSH-FAZ. This is the name as it is listed under ZTNA DESTINATION in the FortiClient console.
8. Set Destination to 10.88.0.2:22. This is the real IP address and port of the server.
9. Select Next. When SaaS Application is displayed, select Finish.
10. Select Save on the ZTNA Destinations Profile.
Apply the created profiles to policies as needed.
To confirm the ZTNA Destination configuration in FortiClient:
1. Go to the ZTNA Destination tab in the FortiClient console.
2. Confirm that the configurations are as shown below.
|
Copyright 2024 Fortinet, Inc. All Rights Reserved.