Forticlient EMS 7.2 and FQDN

chedstrom · ‎08-21-2024

Fortigate 7.2.9

Forticlient 7.2.4.0972

Forticlient EMS 7.2.4.983

I've gotten this to work using just the internal IP address over ZTNA for connecting to an RDP server.

I followed the steps to configure ZTNA for use with FQDN (ZTNA TCP forwarding access proxy with FQDN example | FortiGate / FortiOS 7.2.0 | Fortinet Document L...)

When I do a name resolution for my RDP server, it resolves to the VIP 10.235.0.3, as expected. Yet when I try to connect, it fails.

Is there a better document for using FQDN with ZTNA since the document is for 7.2.0 and my fortigate is 7.2.9?

Hatibi · ‎08-22-2024

Hello @chedstrom,

you can check following guide that shows the config related top FQDN-based ZTNA TCP forwarding proxy.

https://docs.fortinet.com/document/forticlient/7.0.3/administration-guide/814327/fqdn-based-ztna-tcp...

Regards

chedstrom · ‎08-22-2024

7.2 and later no longer modifies the host files so why would I go backwards?

AEK · ‎08-22-2024

When you ping the related FQDN from FGT does it resolve it to its IP address?

AEK

chedstrom · ‎08-22-2024

The VIP or the inside IP? See my original post.

AEK · ‎08-22-2024

I mean from the FortiGate, not from the client.

AEK

chedstrom · ‎08-22-2024

Why would the public IP need to accept ICMP?

AEK · ‎08-23-2024

I mean DNS resolution. In case you use FQDN in your ZTNA server config, can your FG resolve the FQDN of your back-end server to its correct IP address?

AEK

chedstrom · ‎08-23-2024

Yes the server behind the Fortigate can be resolved by its FQDN and responds to ICMP from the Fortigate.

Forticlient EMS 7.2 and FQDN

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website