Hi,
I am quite new to FortiGate and ZTNA. But anyway, I got a FortiGate and a FortiEMS set up; they are connected through fabric.
I have set up a ZTNA Server and have TCP forwarding to some RDP servers. It works even though only running TCP is killing the Terminal Server performance.
So to the problem: I am trying to set up a reverse web proxy against an internal server where I need to pass authentication. So I tried to create an authentication schema, and I get the prompt and I am authenticated, but it is never passed to the backend server. So my question is, is this at all possible?
The backend server is a common IIS with Negotiate and NTLM as authentication.
My goal is to expose this server to the internet and, in the best case, have a transparent authentication of the logged-in user in the Windows client all the way through the reverse proxy into the internal server.
I have done it with TCP forwarding of port 443 but a reverse web proxy is probably a better choice if possible.
Any input is appreciated
Hello,
Yes, it is possible to set up a reverse web proxy against an internal server and pass authentication to the backend server. To achieve this, you will need to configure the FortiGate to forward authentication requests to the backend server.
Here are the steps to configure FortiGate ZTNA forward authentication to backend server:
1. Create an authentication schema that matches the authentication method used by the backend server (Negotiate and NTLM).
2. Create a virtual server that listens on the appropriate port (80 or 443) and uses the authentication schema.
3. Configure the virtual server to forward requests to the backend server.
4. Enable authentication forwarding on the virtual server.
5. Test the configuration to ensure that authentication is passed to the backend server.
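For the test in step 5, one way to see where the handshake stops is to classify the 401 responses the client receives through the reverse proxy. This is an added example, not part of the original reply and not Fortinet code; the function names, result labels and sample headers are constructed for illustration.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}

def ntlm_message_type(token_b64):
    """Name of the NTLM message in a base64 token, or None if it is not raw NTLM."""
    try:
        raw = base64.b64decode(token_b64, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) < 12 or not raw.startswith(NTLM_SIG):
        return None
    return NTLM_TYPES.get(struct.unpack_from("<I", raw, 8)[0])

def classify(status, headers):
    """Classify one response seen through the proxy; headers is a list of (name, value)."""
    if status != 401:
        return "no-challenge"
    hdrs = [(n.lower(), v.strip()) for n, v in headers]
    offers = [v.partition(" ") for n, v in hdrs if n == "www-authenticate"]
    windows = [(s.lower(), t.strip()) for s, _, t in offers
               if s.lower() in ("negotiate", "ntlm")]
    if not windows:
        return "backend-scheme-not-offered"  # the 401 did not carry the IIS schemes
    closing = any(n == "connection" and v.lower() == "close" for n, v in hdrs)
    for _, token in windows:
        if token and ntlm_message_type(token) == "CHALLENGE":
            # NTLM authenticates the TCP connection, so the Type 3 reply must reuse it.
            return "ntlm-challenge-connection-closed" if closing else "ntlm-challenge"
    return "initial-offer"

# Constructed sample data (not captured from a real FortiGate or IIS server).
TYPE2 = base64.b64encode(NTLM_SIG + struct.pack("<I", 2) + bytes(20)).decode()
SAMPLES = {
    "iis_offer": (401, [("WWW-Authenticate", "Negotiate"), ("WWW-Authenticate", "NTLM")]),
    "proxy_prompt": (401, [("WWW-Authenticate", 'Basic realm="portal"')]),
    "type2_ok": (401, [("WWW-Authenticate", "NTLM " + TYPE2), ("Connection", "keep-alive")]),
    "type2_closed": (401, [("WWW-Authenticate", "NTLM " + TYPE2), ("Connection", "close")]),
}

if __name__ == "__main__":
    for name, (status, headers) in SAMPLES.items():
        print(f"{name}: {classify(status, headers)}")
```

Feed it the status and headers from a browser trace or packet capture taken on the client side of the proxy; a result of `backend-scheme-not-offered` means the 401 the client saw did not include the Negotiate or NTLM offer that the IIS server sends.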
Copyright 2024 Fortinet, Inc. All Rights Reserved.