Created on 11-26-2023 10:36 PM
Edited on 10-25-2024 01:01 AM
By Anthony_E
This article provides lists of resources related to ZTNA Access Proxy and ZTNA IP/MAC Control as applied to various features in FortiGate.
It is organized in six sections that cover ZTNA usage in:
FortiGate v7.0, v7.2, v7.4, FortiClient EMS v7.0, FortiClient v7.0, FortiSASE.
Sample ZTNA deployments for the most common use cases - Access Proxy and Secure Access (IP/MAC Control).
See the list of resources below for help in configuring and troubleshooting SAML Authentication in FortiGate.
ZTNA Resource Center
Title | Description |
ZTNA Portal Page for a centralized resource center. | |
ZTNA Architecture guide with design concepts and considerations. | |
ZTNA Deployment guide with design concepts and considerations. | |
ZTNA Posture check based on ZTNA Tagging rule sets. | |
ZTNA troubleshooting and debugging commands. | |
ZTNA troubleshooting scenarios. |
EMS and FortiGate Sync
Title | Description |
Configuring FortiClient EMS | Establishing FortiClient EMS Security Fabric Connector. |
Synchronizing FortiClient ZTNA tags | Configuring ZTNA Tags synchronization. |
Troubleshooting FortiGate with EMS | Troubleshooting tips for FortiClient EMS Security Fabric Connector. |
How to delete ZTNA Tags | Automatic and manual deletion process of ZTNA Tags. |
ZTNA Tags fail to synchronize between FortiClient EMS and FortiGate | Object Tagging blocking ZTNA Tags synchronization. |
How to check if FortiGate is authorized by the EMS server via CLI | CLI commands to check whether FortiGate has been authorized in EMS. |
'Endpoint Control' feature not visible under Feature Visibility after upgrade to FortiOS v7.4.0 | Endpoint Control configuration can be controlled by Feature Visibility in FortiOS 7.4.0+. |
ZTNA Access Proxy - Full ZTNA
Title | Description |
How to read FortiGate WAD debugs from ZTNA TCP-Forwarding connection with SAML Authentication | Explanation of how to read WAD debugs for ZTNA Access Proxy connections. |
Accessing multiple web servers hosted via single ZTNA Server - Access Proxy (HTTP/HTTPS type) | Leveraging Virtual Host to access multiple servers via a single ZTNA Access Proxy Server. |
Behavior of ZTNA Tags shared across multiple vdoms and multiple FortiGate units | Unable to share ZTNA Tags across multiple VDOMs and multiple FortiGates. |
Unable to manage FortiGate via ZTNA Access Proxy after firmware upgrade to 7.0.6 or higher | Limitation to administrative access to FortiGate via Access Proxy. |
How to configure ZTNA Session Based Authentication with MFA token | ZTNA Session-Based Authentication with MFA token. |
ZTNA TCP Forwarding Access Proxy (ZTAP) for File Shares (SMB) | File Share Access via ZTNA Access proxy. |
File Share Access via KDC Proxy endpoint protected by ZTNA Access Proxy. | |
Unable to match firewall policy with ZTNA type when interface assigned to ZTNA VIP is a SDWAN member | Unable to match ZTNA Firewall policy when SD-WAN is enabled. |
Unable to match ZTNA proxy policy or ZTNA firewall policy when SAML authentication is enabled | Unable to match ZTNA proxy or firewall policy when FortiAuthenticator is used as SAML IdP. |
Unable to match ZTNA Proxy Policy when GeoIP is used in the source address field. | |
Unable to access resources protected via ZTNA Access proxy TCP Forwarding when On-Net | ZTNA Destinations for TCP Forwarding are inaccessible when the endpoint is OnSite. |
Creating On-Fabric Detection Rules to control ZTNA Destinations Profile | Controlling ZTNA Destination profile based on On-Fabric Detection Rules. |
How to check ZTNA traffic logs on FortiGate when only FortiAnalyzer logging is enabled | Unable to see ZTNA Traffic Logs from FortiAnalyzer. |
Comparison between ZTNA Access Proxy Policies and ZTNA Firewall Policies. | |
ZTNA traffic denied because of failed to match a proxy-policy | ZTNA policy matching fails when ZTNA Tags are applied. |
Leveraging ZTNA TCP Forwarding to target a private-hosted Web Proxy | |
ZTNA user blocked with error 'Denied: cert auth failed, cert-status:untrusted fail-reason:(null)' | ZTNA Access Proxy blocked by untrusted Certificate between FortiGate and FortiClient EMS Security Fabric Connector. |
Unable to connect to ZTNA Access Proxy server when FIPS-CC is enabled on FortiGate | ZTNA Access proxy connections to FIPS-CC-enabled FortiGate may fail. |
ZTNA Tag Matching logic for ZTNA and Standard Firewall policies | ZTNA Tag matching logic for secondary tag type and ZTNA Firewall Policies. |
'504 DNS look up failed' on FortiClient for ZTNA access proxy using FQDN | ZTNA Access proxy error '504 DNS lookup failed' when using FQDN to access the ZTNA server. |
ZTNA Secure Access - IP/MAC Control
Title | Description |
ZTNA IP MAC based access control example | ZTNA NAC Control example. |
Assigning a VLAN via NAC policies controlled by ZTNA tags from EMS | NAC policies for Switch Controller with ZTNA Tags. |
Resolve error 'DYNAMIC_ADDRESS_UPDATE_RETVAL_CMDB_ERROR' when trying to process/import ZTNA tags | Error when trying to import ZTNA tags. |
Configuring wireless NAC support with ZTNA Tags | NAC policies for Wireless Controller with ZTNA Tags. |
Implementing ZTNA for SaaS Applications with RADIUS Authentication | Implementation of Zero Trust Network Access (ZTNA) for SaaS applications using RADIUS authentication. |
SSL VPN - FortiClient and FortiGate
Title | Description |
ZTNA device certificate verification from EMS for SSL VPN connections | Enabling SSLVPN Certificate authentication with ZTNA Certificate. |
Secure remote access configuration guide | Restricting Access to SSL VPN Connections based on ZTNA Tags. |
Connect to Remote Desktop Server (RDS) farm over ZTNA Access Proxy | Configuration to make an RDP connection into a server in the RDS (Remote Desktop Server) farm over the ZTNA Access Proxy. |
FortiSASE - Access Proxy and Secure Access
Title | Description |
FortiSASE Endpoint with ZTNA Shortcuts Deployment | FortiSASE agent-based ZTNA Access proxy configuration. |
SPA Using ZTNA Deployment Guide | ZTNA Access Proxy and Secure Access deployment guide. |
List of Resource Lists: Technical Tip: FortiGate Resource Lists