Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
nalexiou
Staff & Editor
Staff & Editor

Created on ‎08-01-2025 02:47 AM

Article Id 404467

Technical Tip: How to add multiple TCP Forwarding ZTNA servers

Description This article describes how to configure multiple TCP Forwarding ZTNA servers.
Scope FortiOS.
Solution

It is possible to configure one TCP Forwarding ZTNA server via the GUI.

 

Capture1.PNG

 

Once a TCP Forwarding server is added, the option is greyed out, and it is not possible to configure multiple servers.

 

Capture2.PNG

 

Additional servers can be added via CLI as the example below:

 

config firewall access-proxy
    edit "test"
        set vip "test"
            config api-gateway
                edit 1
                    set url-map "/tcp"
                    set service tcp-forwarding
                        config realservers
                            edit 1
                                set address "gmail.com"
                            next
                            edit 2 <--
                                set address "FABRIC_DEVICE" <--
                            next
                        end
                next
            end
    next
end

 

Once the second server is added, the option to configure multiple servers is available via the GUI as well.

 

Capture4.PNG

 

This behaviour is by design as the GUI assumes most users use a single entry.
237
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.