Created on 12-07-2021 01:38 AM Edited on 02-09-2024 05:40 AM By Stephen_G
Description | When configuring a ZTNA server, load balancing, TCP forwarding, and SAML can be configured from the GUI. |
Scope | For v7.0.2 and above. |
Solution |
Load balancing.
Load balancing can be configured when adding or editing a service or server mapping.
When adding a load balancing server:
- If the load balancing method is Weighted, the weight can be included.
- If the method is HTTP Host, an HTTP host server domain name can be included in the HTTP header that is forwarded to the real server.
TCP forwarding and SSH.
TCP forwarding can be selected as the service when adding or editing a service or server mapping.
Add servers from firewall addresses. Enable Enable Additional SSH Option to configure a client certificate and host key validation.
A client certificate allows users to perform one-time user authentication to authenticate the SSH access proxy. See ZTNA SSH access proxy example for details. Select a certificate from the drop-down list, or create a new one.
Host key validation allows the ZTNA proxy to validate the SSH server using the host key before forwarding traffic to it.
Select the Host key field to add or create an SSH host key.
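The host key check described above, sketched as an added example. This is not Fortinet code and does not show how FortiOS implements the feature. The function names, the server name `ssh-server-1` and the sample keys are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 length + data)."""
    return struct.pack(">I", len(data)) + data


def make_host_key_line(key_type: str, raw_key: bytes) -> str:
    """Build a constructed 'type base64' public key line for the demo."""
    blob = _ssh_string(key_type.encode()) + _ssh_string(raw_key)
    return f"{key_type} {base64.b64encode(blob).decode()}"


def fingerprint(host_key_line: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of a public key line."""
    key_type, b64 = host_key_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    # The key type embedded in the blob must match the declared type.
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def may_forward(server: str, presented_line: str, pinned: dict) -> bool:
    """Fail closed: forward only if the presented key matches the pinned one."""
    expected = pinned.get(server)
    if expected is None:
        return False  # no host key configured for this server
    try:
        actual = fingerprint(presented_line)
    except (ValueError, struct.error):
        return False  # malformed or inconsistent key material
    return hmac.compare_digest(actual, expected)


# Constructed sample data (not real keys); assumed names throughout.
GOOD = make_host_key_line("ssh-ed25519", bytes(range(32)))
OTHER = make_host_key_line("ssh-ed25519", bytes(range(1, 33)))
PINNED = {"ssh-server-1": fingerprint(GOOD)}

if __name__ == "__main__":
    for name, line in (("pinned key", GOOD), ("different key", OTHER)):
        print(name, "->", may_forward("ssh-server-1", line, PINNED))
```

A server with no pinned key, a malformed key and a key whose declared type disagrees with its blob are all refused, so an unexpected SSH server never receives forwarded traffic.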
SAML.
SAML can be enabled when configuring a ZTNA server, and a SAML SSO server can be selected or created.
If the SAML SSO server does not have an authentication scheme or rule associated with it, warnings are shown.
Select 'Configure' in each warning to add an authentication scheme and rule.
|