Description | This article describes a ZTNA access proxy configuration example. |
Scope | FortiOS, FortiClient. |
Solution |
This article focuses on a TCP forwarding access proxy configured for RDP connections.
Network Diagram:
In this example, FortiGate has a successful connection with FortiClient EMS, and ZTNA tags are synced to the FortiGate.
EMS is deployed on the Winserver and the same server has port 3389 open for the RDP connection.
Configuration details:
On FortiGate, navigate to Policy & Objects -> ZTNA -> ZTNA Server and configure the access proxy VIP for the RDP access:
To configure the mapped port and TCP forwarding to the access proxy VIP, edit Service/Server mapping and configure the settings as follows:
The address object for the forwarding server is configured as follows:
Here, a proxy firewall policy with the 'ZTNA' type is configured with its destination as the ZTNA server and destination as the real server address, and ZTNA tags are enforced:
On the FortiClient, ZTNA destinations are configured as follows:
On the client PC, open an RDP connection to the internal server IP; a successful connection provides RDP access.
Logs for the successful RDP connection:
Debugging:
diagnose debug disable
diagnose deb reset
diagnose wad filter clear
diagnose deb console time en
diagnose wad filter src x.x.x.x
diagnose wad debug enable level verbose
diagnose debug enable