lboaventura1990
Article Id 405612
Description: This article describes how to add more than one server in ZTNA TCP forwarding.
Scope: FortiGate ZTNA.
Solution: When trying to add more than one server in ZTNA TCP forwarding using the FortiGate GUI, selecting 'Create New' shows the 'TCP forwarding' service as disabled.


This is expected behavior. To add more than one TCP Forwarding Server, create the additional servers via the CLI.

 

Create a new firewall address object using the IP address of the destination server.

 

config firewall address
    edit linux-b
        set subnet 172.31.255.2 255.255.255.255
    next
end

 

After creating the firewall address object, add this new object as a new realserver in the ZTNA Server object.

 

config firewall access-proxy
    edit "ztna_server"
        config api-gateway
            edit 1
                config realservers
                    edit 0
                        set address "linux-b"
                        set mappedport 22
                    next
                end
            end
        end

After this, the new address object will be available in TCP forwarding.
