EMS external access best practice.

lpi · ‎10-17-2023

Hello,

I have a few laptops for teleworking guys, most of the time workstations are not coming back on fabric.

What is the best way to provide access to EMS server remotely without VPN access ?

Regards

Laurent

ebilcari · ‎10-17-2023

It's safe to do a port forwarding/NAT for 443 and 8013 like shown also in the guide.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

lpi · ‎10-17-2023

Hello Emirjon,

Thank you for your reply, this is the first configuration applied. Now I'm looking forward to limit VIP access using ZTNA or another process.

Globally 90% of the EMS clients are located inside the network, do you force them to use the public VIP or is it possible to configure a separated off-fabric EMS server for roaming laptops ?

Regards,

ebilcari · ‎10-19-2023

Usually it's recommended to use full ZTNA (proxy) for remote users (off-Fabric) and use only ZTNA tags (IP/MAC based access control) in firewall policies for on-Fabric users and allow access directly to the servers without proxy.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

lpi · ‎10-19-2023

Excellent, question now, do you have a nice howto guide for that specific configuration ?

I'm asking because the only option I keep when disconnected from EMS is Telemetry and Remote acces. I'm loosing ZTNA destination and of course internal mappings.

ebilcari · ‎10-20-2023

You can refer to our video library for step by step configurations. Check this video here Getting Started with ZTNA or this one ZTNA Access for SSH and SMB Applications

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.

EMS external access best practice.

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website