Hello,
I have a few laptops for teleworking guys, most of the time workstations are not coming back on fabric.
What is the best way to provide access to EMS server remotely without VPN access?
Regards
Laurent
It's safe to do a port forwarding/NAT for 443 and 8013 like shown also in the guide.
Hello Emirjon,
Thank you for your reply, this is the first configuration applied. Now I'm looking forward to limit VIP access using ZTNA or another process.
Globally 90% of the EMS clients are located inside the network, do you force them to use the public VIP or is it possible to configure a separate off-fabric EMS server for roaming laptops?
Regards,
Usually it's recommended to use full ZTNA (proxy) for remote users (off-Fabric) and use only ZTNA tags (IP/MAC based access control) in firewall policies for on-Fabric users and allow access directly to the servers without proxy.
Excellent, question now, do you have a nice howto guide for that specific configuration?
I'm asking because the only option I keep when disconnected from EMS is Telemetry and Remote access. I'm losing ZTNA destination and of course internal mappings.
You can refer to our video library for step-by-step configurations. Check this video here: "Getting Started with ZTNA", or this one: "ZTNA Access for SSH and SMB Applications".