FortiClient - gpupdate via ZTNA
I have about 150 computers that are very rarely directly connected to the internal network and connect to the central office via VPN.
I am implementing ZTNA connections instead of VPN. Is there a way for a client computer to retrieve GPO policies from AD through ZTNA? When I was using VPN, this problem did not exist.
I managed to solve SMB login by installing KDCPROXY, but I don't know how to handle GPO refresh.
I use FortiClient EMS 7.2.x.
Labels: FortiClient, FortiClient EMS
Upgrade to FortiOS 7.6.2 and EMS 7.4.1 with FCT 7.4.2, which allow UDP/TCP over ZTNA and a redesigned ZTNA destination.
The new ZTNA destination in EMS/FCT can carry traffic destined to a specific IP/range/subnet/FQDN from port 0 to 65535 with a single config line (instead of 65535 lines in version 7.2). It can practically be a split-tunnel VPN for that specific IP/range/subnet/FQDN (TCP or UDP).
ZTNA Destinations | FortiClient 7.4.1 | Fortinet Document Library
ZTNA application catalog 7.2.5 | FortiClient 7.2.0 | Fortinet Document Library
Support ZTNA destinations over UDP 7.4.1 | FortiClient 7.4.0 | Fortinet Document Library
*This is not a supported use case and TAC cannot provide support for it. Test and try it!
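A pre-flight check a client could run once a ZTNA destination toward the domain controller is in place, added here as an example and not part of either poster's reply. The domain and DC names are placeholders, and the port list is the usual set a domain member needs for Group Policy, which is an assumption and not taken from the thread.

```powershell
# Added example: verify that the services Group Policy depends on are
# reachable through ZTNA before blaming gpupdate itself.
param(
    [string]$Domain = 'corp.example',                 # placeholder AD DNS domain
    [string]$DomainController = 'dc01.corp.example'   # placeholder DC behind ZTNA
)

# TCP services used during Group Policy processing (assumed standard set).
$checks = @(
    @{ Port = 53;  Service = 'DNS' },
    @{ Port = 88;  Service = 'Kerberos' },
    @{ Port = 135; Service = 'RPC endpoint mapper' },
    @{ Port = 389; Service = 'LDAP' },
    @{ Port = 445; Service = 'SMB (SYSVOL)' }
)

$results = foreach ($c in $checks) {
    $t = Test-NetConnection -ComputerName $DomainController -Port $c.Port `
        -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port      = $c.Port
        Service   = $c.Service
        Reachable = $t.TcpTestSucceeded
    }
}
$results | Format-Table -AutoSize

# DC locator relies on an LDAP ping, normally sent over UDP 389, so this step
# is the one most likely to fail when only TCP is carried over ZTNA.
nltest /dsgetdc:$Domain | Out-Null
$locatorOk = ($LASTEXITCODE -eq 0)

# The policy templates and scripts are read from SYSVOL over SMB.
$sysvolOk = Test-Path "\\$Domain\SYSVOL\$Domain\Policies"

"DC locator succeeded: $locatorOk"
"SYSVOL readable:      $sysvolOk"

if (($results.Reachable -notcontains $false) -and $locatorOk -and $sysvolOk) {
    gpupdate /target:computer /force
    # Recent processing events show whether the refresh actually completed.
    Get-WinEvent -LogName 'Microsoft-Windows-GroupPolicy/Operational' -MaxEvents 5 |
        Select-Object TimeCreated, Id, LevelDisplayName
} else {
    Write-Warning 'Group Policy prerequisites are not reachable through ZTNA.'
}
```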
Created on 02-14-2025 06:03 AM, edited on 02-14-2025 06:03 AM
Now we have to wait until the FortiOS 7.6.x and FortiClient 7.4.x branches mature. Probably another year to go.
