| Description | This article describes how to add multiple Service/Server mappings for TCP forwarding in ZTNA for the GUI. |
| Scope |
FortiOS v7.4.2 and later. FortiOS v7.6.0 and later. |
| Solution |
To add multiple Service/Server mappings for TCP forwarding in ZTNA, real server mappings can now be configured directly from the Server/Server Mapping slide-in page in the GUI.
To enable this, the second real server entry must be created using the CLI. After this is done, further entries may be configured using either the CLI or the GUI. This behavior is by design.
In the example deployment, a ZTNA Server 'ZTNA_RDP' has one TCP Forwarding Service/Server mapping already with the server name bcc056:
config firewall address
When attempting to create a new Service/Server Mapping, the TCP Forwarding option is grayed out and cannot be selected.
The second server can be added via CLI as shown below.
Configure a firewall address matching the second internal server's IP address.
config firewall address edit To_HUB_NA_local_subnet_1 set subnet 172.16.1.15 255.255.255.255
config firewall access-proxy edit "ZTNA_RDP" set vip "ZTNA_RDP" config api-gateway edit 1 set url-map "/tcp" set service tcp-forwarding config realservers edit 1 set address "bcc056" set mappedport 3389 445 next edit 2 set address "To_HUB_NA_local_subnet_1" set mappedport 3389 next end next end next end
Go to Policy & Objects -> ZTNA -> ZTNA Server -> Edit ZTNA Server -> Select 'Create New' Service/Server Mapping. Multiple service/server mappings can now be added for TCP forwarding in the GUI.
 |
