Dear Colleagues,
I'm currently implementing ZTNA in our company. In order to do this, I connect a lot of internal services to ZTNA. There is no problem connecting services directly connected to the firewall (in local VLANs), but we have several site-to-site VPN tunnels connected as well, with a lot of services behind those tunnels (mostly running in AWS). Now the problem with it is that I need to use a NAT IP in the proxy policy (`set poolname ...`) to get a proper IP to route through the tunnels and to open in the corresponding security groups on the AWS side. It's described here:
https://docs.fortinet.com/document/fortigate/7.2.0/new-features/230508/using-the-ip-pool-or-client-i...
But as there is no possibility to do this in the UI (FortiOS 7.2.6), I need to add this in the CLI for each policy. This is a lot of stupid work, and so I come to the question: is there a possibility to set a default IP or IP range to connect to backend servers for all proxy policies?
Thank you in advance.
Best, Stephan
Hello Stephan_s, Good day!
Thanks for reaching out.
As of now, you can only configure the ip-pool/poolname using the CLI.
Please refer to: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Accessing-multiple-web-servers-hosted-via-...
Note:
If a real server is hosted across an IPsec tunnel, and no IP address has been configured to the tunnel interface, a new setting 'set poolname' can be leveraged in FortiOS 7.0.6+, 7.2.0+, and 7.4.0+ as per document below. This setting can be configured from CLI only.
Please let me know if you have more questions.
Thanks.
Hello lgupta,
Thank you for your reply. So basically I have to wait for a GUI implementation.
Thanks,
Best, Stephan
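
Added example, not part of the thread and not Fortinet code: because `set poolname` has to be entered per proxy policy from the CLI, this Python script reads saved `show firewall proxy-policy` output, finds the access-proxy policies that have no `poolname`, and emits one CLI batch for them. The sample configuration, the pool name `ztna-aws-pool` and the function names are constructed for illustration.

```python
import re

# Constructed sample of `show firewall proxy-policy` output (not from the thread).
SAMPLE_CONFIG = '''\
config firewall proxy-policy
    edit 1
        set name "ztna-local-web"
        set proxy access-proxy
    next
    edit 2
        set name "ztna-aws-app"
        set proxy access-proxy
        set poolname "ztna-aws-pool"
    next
    edit 3
        set proxy explicit-web
    next
end
'''

def parse_policies(config_text):
    """Return {policy_id: {setting: value}} for every `edit <id>` block."""
    policies, current = {}, None
    for line in config_text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"edit (\d+)", line)
        if m:
            current = policies.setdefault(int(m.group(1)), {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3:
                current[parts[1]] = parts[2].strip('"')
    return policies

def missing_pool(policies):
    """IDs of ZTNA (access-proxy) policies that have no poolname configured."""
    return sorted(pid for pid, s in policies.items()
                  if s.get("proxy") == "access-proxy" and "poolname" not in s)

def batch_script(policy_ids, pool):
    """Build one CLI batch that sets the given (assumed existing) pool on each ID."""
    lines = ["config firewall proxy-policy"]
    for pid in policy_ids:
        lines += [f"    edit {pid}", f'        set poolname "{pool}"', "    next"]
    return "\n".join(lines + ["end"])

if __name__ == "__main__":
    print(batch_script(missing_pool(parse_policies(SAMPLE_CONFIG)), "ztna-aws-pool"))
```

Review the reported IDs before applying the batch: policies for servers on local VLANs may not need the pool, and the output also serves as an audit of which ZTNA policies still reach backends without the NAT address allowed in the AWS security groups.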