This article details the implementation of Zero Trust Network Access (ZTNA) for SaaS applications using RADIUS authentication on FortiGate.
Once the ZTNA access proxy configuration for SaaS access is complete, the next step is to configure the authentication scheme and define the authentication rule to manage user verification.
Go to Policy & Objects -> Authentication Rules and select Authentication Schemes to configure the authentication scheme.
Go to Policy & Objects -> Authentication Rules to define the authentication rule.
Once the authentication rule is set on the ZTNA proxy policy, select the user group.
From the FortiClient endpoint, access any of the ZTNA destination SaaS applications, for example Webex. A pop-up is triggered for authentication, and once the correct credentials are entered, the ZTNA proxy policy is matched.
User information can also be verified on the FortiGate with the help of the 'diagnose wad user list' command:
chameleon-kvm72 # diagnose wad user list
ID: 2, VDOM: root, IPv4: 10.5.18.235
user name : fortinet
worker : 0
duration : 156
auth_type : IP
auth_method : Basic
pol_id : 1
g_id : 2
user_based : 0
expire : no
LAN:
bytes_in=214873 bytes_out=1067135
WAN:
bytes_in=861993 bytes_out=117537
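As an added example (not part of this article or of FortiOS itself), a small Python parser for the 'diagnose wad user list' output shown above, so the verification can be scripted: it splits the output into one entry per authenticated user and lists the users matched to a given proxy policy ID with the expected authentication method. The sample output is a constructed copy of the format shown above.

```python
import re

# Constructed sample, mirroring the `diagnose wad user list` output format above.
SAMPLE = """\
ID: 2, VDOM: root, IPv4: 10.5.18.235
user name : fortinet
worker : 0
duration : 156
auth_type : IP
auth_method : Basic
pol_id : 1
g_id : 2
user_based : 0
expire : no
LAN:
bytes_in=214873 bytes_out=1067135
WAN:
bytes_in=861993 bytes_out=117537
"""

HEADER = re.compile(r"^ID:\s*(\d+),\s*VDOM:\s*(\S+),\s*IPv4:\s*(\S+)")
KV = re.compile(r"^(\w[\w ]*?)\s*:\s*(.*)$")
COUNTERS = re.compile(r"bytes_in=(\d+)\s+bytes_out=(\d+)")


def parse_wad_user_list(text):
    """Return one dict per user entry; LAN/WAN byte counters become nested dicts."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:  # a new "ID: ..." header starts a new entry
            entries.append({"id": int(m[1]), "vdom": m[2], "ipv4": m[3]})
            section = None
            continue
        if not entries:  # skip the CLI prompt or anything before the first entry
            continue
        cur = entries[-1]
        if line in ("LAN:", "WAN:"):  # counter section follows on the next line
            section = line[:-1].lower()
            continue
        c = COUNTERS.search(line)
        if c and section:
            cur[section] = {"bytes_in": int(c[1]), "bytes_out": int(c[2])}
            continue
        kv = KV.match(line)
        if kv:  # "user name : fortinet" -> user_name = "fortinet"
            cur[kv[1].strip().replace(" ", "_")] = kv[2].strip()
    return entries


def sessions_for_policy(entries, pol_id, method="Basic"):
    """(user, IP) pairs matched to the given ZTNA proxy policy with the expected auth method."""
    return [(e.get("user_name"), e["ipv4"]) for e in entries
            if e.get("pol_id") == str(pol_id) and e.get("auth_method") == method]
```

Feed it the real command output (for example, captured over SSH) to confirm that the expected user, IP and policy ID line up after a test login.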
In the ZTNA traffic logs, the source information is shown with both a username and an IP address.
Copyright 2024 Fortinet, Inc. All Rights Reserved.