RomT-Magic
New Contributor

VPN proxy

Hi,

 

We have an in-house web-based workspace that hosts our applications (iframe). So, our employees open the workspace and choose the relevant application from the applications list, and the application will open.

 

Some of the applications are only available from the office network – we need to create some VPN proxy so an employee working from home will be able to request access to a specific application and we will validate it and give him a temp URL that loads this application under a session created for him without him needing to connect his computer to the VPN.

 

The process we are expecting is as follows:

  • User requests access to application A
  • Our workspace application authenticates against the VPN server
    • app_id, app_secret
    • got token in response
  • Our workspace application requests a VPN session in the name of the initiator user.
    • token, user email, URL (origin URL of application A)
  • VPN server sends MFA (if defined)
    • Our workspace application will allow user to enter the code and send it with relevant request.
  • VPN server generates a temporary URL (available for 10 seconds) that will redirect to the URL of the session where the user will be able to see application A.

 

The process does not require the end-user to install anything on his machine.

 

Does anyone have experience with that?

 

Thanks,

Yehuda.
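
The last step of the flow described above (a temporary URL valid for 10 seconds) needs a ticket that is signed, expires, is bound to the requesting user and application, and can be redeemed only once. The sketch below is an added example, not part of the original post and not a Fortinet API; the function names, the in-memory replay store and the sample e-mail and origin values are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # assumption: signing key held only by the broker
TTL_SECONDS = 10                  # lifetime of the temporary URL stated in the post
_redeemed = set()                 # ticket ids already used (in-memory for this demo)

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(body: str) -> str:
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def mint_ticket(email, origin_url, now=None):
    """Issue a ticket bound to one user and one application origin."""
    now = time.time() if now is None else now
    claims = {"sub": email, "app": origin_url,
              "exp": now + TTL_SECONDS, "jti": secrets.token_hex(16)}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(body)}"

def redeem_ticket(ticket, email, origin_url, now=None):
    """Return (ok, reason); a ticket works once, for one user and one app."""
    now = time.time() if now is None else now
    try:
        body, tag = ticket.split(".")
        # Verify the signature before parsing anything the client sent.
        if not hmac.compare_digest(tag, _sign(body)):
            return False, "bad signature"
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return False, "malformed"
    if now > claims["exp"]:
        return False, "expired"
    if claims["sub"] != email or claims["app"] != origin_url:
        return False, "wrong user or application"
    if claims["jti"] in _redeemed:
        return False, "already used"
    _redeemed.add(claims["jti"])  # single use: record the id on first redemption
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample values, not taken from the thread.
    t = mint_ticket("alice@example.com", "https://app-a.internal.example")
    print(redeem_ticket(t, "alice@example.com", "https://app-a.internal.example"))
    print(redeem_ticket(t, "alice@example.com", "https://app-a.internal.example"))
```

With more than one broker instance, the replay store has to be shared between them, otherwise a ticket can be redeemed once per instance.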

5 REPLIES 5
Anthony_E
Community Manager

Hello Yehuda,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello Yehuda,

 

Could you please specify which Fortinet product and which versions you are using?


Regards,

Anthony-Fortinet Community Team.
RomT-Magic

We want to perform the proxy to Magic products which are

 

FortiClient (any version)

FortiGate 600E ver 7.2.8

 

Thanks

Rom.

pminarik
Staff

Taken literally and at face value: I see an attempt to use something like OAuth 2.0, custom API integration to generate ephemeral URLs,... very custom.

 

What about ZTNA? That could be used as an authenticated reverse proxy that will provide access to your app. It does require FortiClient by default (client-certificate required to be able to utilize ZTNA-tag filtering), but as far as I am aware if you're willing to drop the ZTNA tags (not like you have a choice if you do not want to install any software on the client), it should work without client-certs as well, just with authentication (basic, SAML, ...).

 

example doc: https://docs.fortinet.com/document/fortigate/7.4.5/administration-guide/461532/ztna-application-gate...

[ corrections always welcome ]
AliceBrooks
Visitor

Thank you so much for the link.
