Now that I have all my users using SSL VPN similar to how our old Cisco AnyConnect was working I would like to start learning and then implementing ZTNA to better control the users.
My EMS Cloud, FortiClients and FortiGate all use ADFS for SAML. Is there any way to set up ZTNA such that the groups the user is in control their access to devices? For example, if I have a user in the Dev group I want that user to be able to SSH to a CIDR address list. I also want them to be able to connect over HTTPS to another CIDR address list. Then I have a group like AppSupport that should only HTTPS to 2 different CIDR address groups. Then I might have a third user who has both AD groups (Dev and AppSupport), so they should be able to access the combined CIDRs.
Is this at all possible???
Hello
Please refer to the following document to configure secure remote access in EMS, which is essential to prohibit or allow access to IPsec or SSL VPN connections through zero trust tags.
Let me see if I can summarize this correctly. I can create ZTNA rules in EMS for each AD group, assigning tags based on the groups. Then when the user VPNs in, the FortiGate will see the tags and can apply security rules for each group in an additive fashion. So person A with Tag A and Tag B will get the rules for both tags, but person B with only Tag A will only get the rules for Tag A.
Is that about it?
Yes, that should work. Thank you.
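To make the additive behaviour summarized above concrete, here is a small Python model of the evaluation the thread describes: AD group membership maps to EMS zero-trust tags, each FortiGate policy is keyed by one tag, and a user carrying several tags is matched by every policy for any of those tags, so a member of both groups reaches the union of the CIDRs. This is an added illustration, not Fortinet code and not the actual FortiOS policy syntax; the group names, tag names, ports and CIDR ranges are constructed placeholders modelled on the question's scenario.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Constructed mapping of AD group -> EMS zero-trust tag (placeholder names).
# In practice EMS assigns the tag from its tagging rule and pushes it to the FortiGate.
GROUP_TO_TAG: Dict[str, str] = {
    "Dev": "ZTNA_Dev",
    "AppSupport": "ZTNA_AppSupport",
}


@dataclass(frozen=True)
class Policy:
    """One FortiGate-style policy: a required tag, a service port, allowed destinations."""
    tag: str
    port: int
    destinations: Tuple[str, ...]  # CIDR strings (constructed sample ranges)


# Constructed policy set following the question:
#   Dev        -> SSH (22) to one CIDR list, HTTPS (443) to another
#   AppSupport -> HTTPS (443) only, to two CIDR groups
POLICIES: List[Policy] = [
    Policy("ZTNA_Dev", 22, ("10.10.0.0/24", "10.10.1.0/24")),
    Policy("ZTNA_Dev", 443, ("10.20.0.0/24",)),
    Policy("ZTNA_AppSupport", 443, ("10.30.0.0/24", "10.31.0.0/24")),
]


def tags_for_user(groups: Iterable[str]) -> frozenset:
    """Tags a user carries: one per AD group that has a tagging rule; unknown groups yield nothing."""
    return frozenset(GROUP_TO_TAG[g] for g in groups if g in GROUP_TO_TAG)


def matching_policies(user_tags: frozenset) -> List[Policy]:
    """Every policy whose tag the user holds applies; this is what makes access additive."""
    return [p for p in POLICIES if p.tag in user_tags]


def is_allowed(groups: Iterable[str], dst_ip: str, dst_port: int) -> bool:
    """Decide one connection: allowed if any applicable policy covers the port and destination.
    No match means implicit deny, as with a FortiGate that has no matching policy."""
    ip = ipaddress.ip_address(dst_ip)
    for policy in matching_policies(tags_for_user(groups)):
        if policy.port != dst_port:
            continue
        if any(ip in ipaddress.ip_network(cidr) for cidr in policy.destinations):
            return True
    return False


def allowed_destinations(groups: Iterable[str]) -> Dict[int, List[str]]:
    """Summarize reach per port: the union of CIDRs across all of the user's tags."""
    reach: Dict[int, set] = {}
    for policy in matching_policies(tags_for_user(groups)):
        reach.setdefault(policy.port, set()).update(policy.destinations)
    return {port: sorted(cidrs) for port, cidrs in reach.items()}


if __name__ == "__main__":
    for user, groups in {"dev-only": ["Dev"], "appsupport-only": ["AppSupport"],
                         "both": ["Dev", "AppSupport"], "no-rule": ["Finance"]}.items():
        print(user, allowed_destinations(groups))
```

Running the block prints each constructed user's reach per port; the "both" user sees the Dev and AppSupport HTTPS ranges merged under port 443, while a user whose group has no tagging rule gets nothing. Two design points carry over to the real configuration: an untagged endpoint must fall through to deny rather than to a catch-all allow, and port and destination should both be constrained in each policy, since a Dev user's HTTPS CIDR should not become reachable over SSH just because another Dev policy permits SSH elsewhere.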
Copyright 2024 Fortinet, Inc. All Rights Reserved.