Hello,
How can I configure SSL VPN tunnel mode with ZTNA tags via a ZTNA simple policy?
I tried to find an article to check this configuration but did not find one, so could anyone provide me with an article describing this configuration?
Hi Amr
I deployed EMS 7.0.x two years ago so I don't have fresh memory, but I remember that clients must have access to EMS port 8013 (and probably 10443), so they get the required tags.
I hope I'm not wrong.
Then on FortiGate (FOS 7.0.x) we added a firewall policy from SSL-VPN to Internal using tags, in order to allow traffic from managed clients only.
That was on EMS 7.0.x and with FortiGate 7.0.x, so in case you use 7.2.x then you may check if something changed around this because there are usually some changes between versions.
Hi Amr_Ali,
You can try the following, which was mentioned in this thread: https://community.fortinet.com/t5/Support-Forum/Fortigate-ZTNA-Tag-added-in-policy-SSLVPN-cannot-acc...
I have a functioning setup with the following:
- one policy from VPN to DNS and no tag (client needs to be able to resolve EMS FQDN before reaching EMS)
- one policy from VPN to EMS and no tag (client needs to connect to EMS first through VPN tunnel before getting updated tags)
- one default policy from VPN to local LAN and tags set
If FortiGate does not associate the tunnel IP with the tags (and it can only do that when EMS associates the tags with tunnel IP as well), then no access is possible.
Thank you.
Regards,
Paulo
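The three-policy layout Paulo describes, written out as FortiOS CLI. This is an added example, not Paulo's actual configuration or a Fortinet article: the interface names (ssl.root, port2), address objects (SSLVPN_TUNNEL_ADDR1, dns-server, ems-server, lan-subnet), the user group, and the tag name EMS_TAG_PLACEHOLDER are all assumptions to be replaced with your own objects; the tag name must be the one FortiGate shows after it learns tags from EMS. The `ztna-status` / `ztna-ems-tag` policy attributes are from the FOS 7.0.x syntax the thread refers to, so verify them on your release. The EMS port numbers (8013, and 10443 as a maybe) come from the first reply above. Policy order is the point: FortiGate matches top-down, so the two untagged bootstrap policies must sit above the tagged LAN policy, otherwise a freshly connected client can never reach EMS to get its tunnel IP associated with a tag.

```fortios
# Added example, not from the thread. Object names below are assumptions.
# Evaluation is top-down: untagged DNS and EMS policies first, tagged LAN policy last.

# Custom service for the EMS ports named in the thread (8013; 10443 assumed).
config firewall service custom
    edit "EMS-Ports"
        set tcp-portrange 8013 10443
    next
end

config firewall policy
    # 1. Untagged: the VPN client must resolve the EMS FQDN before it can reach EMS.
    edit 1
        set name "sslvpn-to-dns"
        set srcintf "ssl.root"
        set dstintf "port2"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "dns-server"
        set groups "sslvpn-users"
        set action accept
        set schedule "always"
        set service "DNS"
        set logtraffic all
    next
    # 2. Untagged: the client must reach EMS through the tunnel so EMS (and then
    #    FortiGate) associates the tags with the new tunnel IP.
    edit 2
        set name "sslvpn-to-ems"
        set srcintf "ssl.root"
        set dstintf "port2"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "ems-server"
        set groups "sslvpn-users"
        set action accept
        set schedule "always"
        set service "EMS-Ports"
        set logtraffic all
    next
    # 3. Tagged: LAN access only for tunnel IPs that carry the EMS tag.
    #    EMS_TAG_PLACEHOLDER stands for the tag name as learned from EMS.
    edit 3
        set name "sslvpn-to-lan-managed"
        set srcintf "ssl.root"
        set dstintf "port2"
        set srcaddr "SSLVPN_TUNNEL_ADDR1"
        set dstaddr "lan-subnet"
        set groups "sslvpn-users"
        set action accept
        set schedule "always"
        set service "ALL"
        set ztna-status enable
        set ztna-ems-tag "EMS_TAG_PLACEHOLDER"
        set logtraffic all
    next
end
```

To check the failure mode Paulo mentions (tunnel IP not associated with any tag), connect a client and run `diagnose endpoint record list` on the FortiGate: if the tunnel IP does not appear with the expected tag, policy 3 will never match, and the place to look is whether policies 1 and 2 are actually passing traffic (their logs) and whether EMS shows the endpoint with its tunnel address.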
Copyright 2024 Fortinet, Inc. All Rights Reserved.