FortiGate
akushwaha
Staff
Article Id: 334797
Description: ZTNA option is greyed out in Feature Visibility on FortiGate.
Scope: FortiGate.
Solution:

This article describes how to resolve a scenario where System -> Feature Visibility -> Zero Trust Network Access is greyed out.


Before it can be enabled from the GUI, the following settings must first be enabled from the CLI:

config system global
set proxy-and-explicit-proxy enable
end

config system settings
set gui-proxy-inspection enable
end


After that, Zero Trust Network Access can be enabled from the GUI under System -> Feature Visibility.
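To confirm the two CLI prerequisites on a saved configuration file before troubleshooting the GUI, the check below reads the config text and reports the value of each option. It is an added example, not Fortinet code: the function names and the sample text are constructed, and the handling of `config vdom` / `edit <name>` sections is an assumption about how a multi-VDOM file is laid out.

```python
REQUIRED = {"system global": "proxy-and-explicit-proxy",   # block -> option,
            "system settings": "gui-proxy-inspection"}     # both named in the article

# Constructed sample; the helper names below are hypothetical.
SAMPLE = """\
#constructed sample, not taken from a real device
config system global
    set proxy-and-explicit-proxy enable
end
config system settings
    set gui-proxy-inspection disable
end
config firewall policy
    edit 1
        set name "gui-proxy-inspection enable"
    next
end
"""

def vdom_scope(stack):
    """Name of the enclosing VDOM ('config vdom' -> 'edit <name>'), else None."""
    pairs = zip(stack, stack[1:])
    return next((e[1] for c, e in pairs if c == ("config", "vdom") and e[0] == "edit"), None)

def find_settings(config_text):
    """Return {(vdom, block): value} for the required options found in the text."""
    stack, found = [], {}
    for raw in config_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        kw = parts[0]
        if kw in ("config", "edit"):
            stack.append((kw, " ".join(parts[1:]).strip('"')))
        elif kw == "next" and stack and stack[-1][0] == "edit":
            stack.pop()
        elif kw == "end":
            # 'end' closes the innermost config block and any edit left open in it
            while stack and stack.pop()[0] != "config":
                pass
        elif kw == "set" and len(parts) >= 3 and stack and stack[-1][0] == "config":
            if REQUIRED.get(stack[-1][1]) == parts[1]:
                found[(vdom_scope(stack), stack[-1][1])] = parts[2]
    return found

def check_prereqs(config_text):
    """Map each required option to {vdom: value}, or {None: 'absent'} if never set."""
    found = find_settings(config_text)
    return {opt: {v: val for (v, b), val in found.items() if b == blk} or {None: "absent"}
            for blk, opt in REQUIRED.items()}
```

A result of `absent` only means the option is not written in the file; a plain `show` omits options left at their default value, so check against `show full-configuration` output when the value matters.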

 

In v7.4.4 or later, the ZTNA feature is not available on lower-end models with 2 GB RAM, such as the FortiGate and FortiWiFi 40F, 60E, 60F, 80E, and 90E series of devices and their variants, and the FortiGate-Rugged 60F (2 GB versions only).

 

Note:

In v7.6.3, entry-level FortiGate platforms with 2 GB memory now support ZTNA tags in IP/MAC-based access control. Once registered with the EMS server, they can synchronize posture tags and IP/MAC addresses for use in firewall policies.

 

ZTNA options are not available in the GUI until the CLI has been configured. Once ZTNA has been enabled and the tags configured for the policy in the CLI, the ZTNA Security posture tags are available in the GUI.

 

For more information, check this document: ZTNA tags on 2 GB entry-level platforms in IP/MAC-based access control 7.6.3.