Hello everyone,
Since we did move to FortiClient EMS end of last year I do want to start diving into ZTNA now:
I do have a VLAN that is not connected to my Windows domain servers (Domain Controller, File-Server, ...). This VLAN is for third-party machines and computers (robotics, PLC, IoT devices, ...).
Now there is a use case where some of our PLC programmers want to work in this specific VLAN for ease of access to the robotics, but also need to access e.g. the Windows File-Server.
What is the easiest way to set it up? Basically I was thinking about creating a policy that only allows FortiClient EMS managed devices.
I do see the ZTNA tags created from EMS in the FortiGate. Should I go for the "IP/MAC Based Access Control" in a "standard" FortiGate policy where I can select the ZTNA tags? Or do I need a full ZTNA policy?
ZTNA policies documentation seems to often point into a kind of webserver scenario - that is not really needed here. So do I need a ZTNA server with access proxy setup?
Basically since the segments are from the internal network (On-fabric), this is the easiest way. You may need to create other ZTNA tags (not using all) and allow access only for the hosts that are compliant and don't have any security concerns reported by EMS.
@ebilcari Thank you very much! I did a test with one policy and it seems to work quite well so far :)
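The single-policy approach from the accepted answer, written out as an added example (not taken from the thread or from Fortinet documentation). Assumed names: interfaces "VLAN-OT" and "VLAN-SRV", an address object "FileServer", the predefined "SMB" service, and an EMS tag "Compliant", which the FortiGate lists as "<EMS-serial>_Compliant" after EMS sync.

```fortios
# Added example, not from the thread. Interface, address and tag names
# are assumptions; replace "<EMS-serial>_Compliant" with the tag name
# exactly as it appears on the FortiGate after the EMS connector syncs.
config firewall policy
    edit 0
        set name "OT-to-FileServer-ManagedOnly"
        set srcintf "VLAN-OT"
        set dstintf "VLAN-SRV"
        set srcaddr "all"
        set dstaddr "FileServer"
        # ZTNA IP/MAC based access control on a normal firewall policy:
        # only source hosts whose FortiClient currently holds the tag
        # match; any other host in the VLAN falls through to the
        # implicit deny, so no ZTNA access proxy is needed.
        set ztna-status enable
        set ztna-ems-tag "<EMS-serial>_Compliant"
        set action accept
        set schedule "always"
        set service "SMB"
        set logtraffic all
    next
end
```

Because the match depends on EMS reporting the endpoint's current IP/MAC, a tagged host that changes address or loses its FortiClient connection stops matching until EMS updates the FortiGate; check the learned entries with `diagnose firewall dynamic list` when a programmer's access unexpectedly fails.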