Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kfaebu
New Contributor II

BUG ZTNA GeoLocation and ZTNA Tag Groups

Hello together
I encountered two problems with the ZTNA deployment.

1. proxy policies can no longer work with Geolocations, i.e. as soon as Geo Location has been defined as the source, the proxy policy can no longer perform matches even though the IP in the database originates from Switzerland.

2. if I have two defined tag groups on a policy (e.g. Windows tag group and Linux TAG group), it is also no longer possible to match a policy(tag selection in policy set to any).

Have anybody already had experience with this?

Thanks for your support and kind regards
Fabian

 

FortiOS 7.2.8

FortiEMS 7.2.4

 

FortiClient FortiGate #ztna

"Life would be so much easier if we only had the source code."
"Life would be so much easier if we only had the source code."
2 REPLIES 2
Anthony_E
Community Manager
Community Manager

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
smaruvala
Staff
Staff

Hi,

 

Geographic address objects are not supported by ZTNA Rules/Proxy policies and they make FortiGate ignore the policy they are in. Please refer the below KB.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Use-of-geographic-address-objects-on-ZTNA-...

 

Regards,

Shiva

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors