Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

ZTNA Solution

Hi, I wanted to ask about ZTNA. Is it mandatory to use a ZTNA server? If we don't use it, who handles user authentication and authorization? Will EMS itself or Fortigate do this?




Hello  @cctv ,


Thank you for contacting the Fortinet Forum portal.

-In general, even if you configure the ZTNA server on Fortigate with the public of Fortigate initial authentication based on rules and tags the client certificate is used to authenticate which is supposed to be sent from Forticlient EMS to all clients. If the certificates are not presented during checks, the connection will be rejected by Fortigate.

refer below article


Best regards,



If you feel the above steps helped resolve the issue, mark the reply as solved so that other customers can get it easily while searching for similar scenarios.

New Contributor

No, I don't think I understand you correctly. Is this ZTNA server an appliance? Is it a software? Or a virtual machine?
If this is a software like FortiClient, what should it be installed on? For example, Windows Server 2022 or CentOS with a specific resource, and we introduce the IP of that server to FortiGate as the ZTNA server?


And In this scenario, the authentication task is the responsibility of the Auth server like LDAP or Active Directory. So, what is the role of EMS?


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors