Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AEK
SuperUser
SuperUser

Subnet as ZTNA destination

Hi ZTNA admins

Can a subnet be used as ZTNA destination? E.g.: "10.1.1.0/24:443".

Actually EMS and FortiGate accept it as configuration without error, and we can see it propagated on the client as a ZTNA destination, however when I try access a host (e.g.: 10.1.1.20:443) from the client it seems not working.

So am I missing something or is it just not supported?

AEK
AEK
2 REPLIES 2
amrit
Staff
Staff

I don’t think ZTNA subnet is supported. Only host FQDN or IPs is  a valid parameter. ZTNA destinations are mapped to a Real server IP in the backend using ZTNA access proxy. It is not possible to use subnets in the ZTNA servers. https://docs.fortinet.com/document/forticlient/7.4.0/administration-guide/403758/ztna-destination

Amritpal Singh
AEK
SuperUser
SuperUser

Thanks for your response, Amritpal.

I understand and I find it logical.

In that case I think the user should be warned with an error message when he enters a subnet as destination.

AEK
AEK
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors