Fortigate 7.2.9
Forticlient 7.2.4.0972
Forticlient EMS 7.2.4.983
I've gotten this to work using just the internal IP address over ZTNA for connecting to an RDP server.
I followed the steps to configure ZTNA for use with FQDN (ZTNA TCP forwarding access proxy with FQDN example | FortiGate / FortiOS 7.2.0 | Fortinet Document L...)
When I do a name resolution for my RDP server, it resolves to the VIP 10.235.0.3, as expected. Yet when I try to connect, it fails.
Is there a better document for using FQDN with ZTNA since the document is for 7.2.0 and my fortigate is 7.2.9?
Hello @chedstrom,
You can check the following guide, which shows the config related to the FQDN-based ZTNA TCP forwarding proxy.
Regards
7.2 and later no longer modifies the host files so why would I go backwards?
When you ping the related FQDN from FGT does it resolve it to its IP address?
The VIP or the inside IP? See my original post.
I mean from the FortiGate, not from the client.
Why would the public IP need to accept ICMP?
I mean DNS resolution. In case you use FQDN in your ZTNA server config, can your FG resolve the FQDN of your back-end server to its correct IP address?
Created on 08-23-2024 11:14 AM Edited on 08-23-2024 11:44 AM
Yes, the server behind the Fortigate can be resolved by its FQDN and responds to ICMP from the Fortigate.