ZTNA TCP Forwarding - Windows hosts file didn't update
Hi,
I'm fairly new to Fortinet products. I'm currently testing some features, such as EMS connected to the FortiGate via Security Fabric and ZTNA, and I'm facing a problem accessing the desired HTTPS site with TCP Forwarding on the FortiGate (from what I understand, I can use HTTPS instead of TCP forwarding, but this forces me to create DNS entries, for example in CloudFlare).
Long story short, I want to be able to access an internal website via ZTNA without additional DNS entries.
I found in the documentation that I'm supposed to create a ZTNA Destination in EMS, and telemetry should update the hosts file located in C:\Windows\System32\drivers\etc.
I tried this step by step, but the hosts file didn't update and my site shows only "ZTNA Access Denied. Details: API Gateway Denied".
Link to the Documentation
Section:
Upon creating the ZTNA rules, two new entries are added to the Windows PC’s host file in folder C:\Windows\System32\drivers\etc. View the file, and observe the new entries for the virtual IP and FQDN pairing for each ZTNA connection rule.
# ----- FORTICLIENT ZTNA VIP START -----
10.235.0.1 s27.qa.fortinet.com
10.235.0.2 s29.qa.fortinet.com
# ----- FORTICLIENT ZTNA VIP END -----
What am I missing?
Regards
Tom
Labels: FortiClient, FortiClient EMS, FortiGate
Hello Tom,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello Tom,
We are still looking for someone to help you.
We will come back to you ASAP.
Regards,
Hi Tom,
Did you try this document?:
https://docs.fortinet.com/document/fortiproxy/7.0.2/release-notes/987706
Regards,
Hi Tom,
Regarding the design for your case, it all depends on the app type that is protected.
- ZTNA HTTP access proxy allows secure remote access to web-based applications
- ZTNA TCP forwarding access proxy is used for other applications, such as SSH, Remote Desktop Protocol (RDP), and others, whether hosted in the physical datacenter or cloud.
Some deployment examples are provided in the video links below:
https://video.fortinet.com/latest/ztna-access-proxy-with-saml-and-mfa-using-fortiauthenticator
https://video.fortinet.com/latest/using-ztna-to-access-protected-tcp-applications
Regards
Howdy Tom. I'm wondering how you made out? I didn't see anything particularly helpful in the responses to your question, and I am running into the exact same problem. I follow the same guide you are using and never see the hosts file entries that are supposed to get written. Did you make any progress?
Created on ‎06-11-2023 11:42 PM Edited on ‎06-11-2023 11:43 PM
Hi bmduncan33, I have heard from a Fortinet technician that in the newest version of FortiClient that file is not updated anymore.
Check this link. In my case, this configuration was missing in the firewall proxy:
set add-vhost-domain-to-dnsdb enable
Regards
Tom
That link is for FortiOS 7.40. Can you tell me what version of FortiOS and FortiClient you are running? I'm on FortiOS 7.0.10 and FortiClient 7.0.6.
Hi Tom. I got this working with advice from TAC to upgrade my FortiClient version from 7.0.6 to 7.0.8. Now I see the entries written to my hosts file and I'm all set. FYI.
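
A way to check a client for the hosts file entries discussed in this thread, as an added example that is not part of any post or of Fortinet's documentation. The marker lines and sample entries are taken from the documentation excerpt quoted in the first post; the function names are hypothetical.

```python
"""Check a Windows hosts file for the FortiClient ZTNA VIP block."""
import ipaddress
from pathlib import Path

# Marker lines as quoted from the documentation in the first post.
START = "# ----- FORTICLIENT ZTNA VIP START -----"
END = "# ----- FORTICLIENT ZTNA VIP END -----"
HOSTS = Path(r"C:\Windows\System32\drivers\etc\hosts")


def parse_ztna_block(text):
    """Return {fqdn: ip} from the marker block, or None if the block is absent."""
    lines = [ln.strip() for ln in text.splitlines()]
    if START not in lines:
        return None
    begin = lines.index(START) + 1
    # An unterminated block is read to end of file rather than rejected.
    end = lines.index(END, begin) if END in lines[begin:] else len(lines)
    entries = {}
    for ln in lines[begin:end]:
        fields = ln.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank or comment-only line
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an address, skip the line
        for name in fields[1:]:
            entries[name.lower()] = ip
    return entries


def missing_destinations(text, expected_fqdns):
    """List expected FQDNs that have no virtual IP in the block."""
    entries = parse_ztna_block(text) or {}
    return [f for f in expected_fqdns if f.lower() not in entries]


# Constructed sample: the two entries quoted from the documentation.
SAMPLE = """127.0.0.1 localhost
# ----- FORTICLIENT ZTNA VIP START -----
10.235.0.1 s27.qa.fortinet.com
10.235.0.2 s29.qa.fortinet.com
# ----- FORTICLIENT ZTNA VIP END -----
"""

if __name__ == "__main__":
    text = HOSTS.read_text(errors="replace") if HOSTS.exists() else SAMPLE
    print(parse_ztna_block(text))
    print(missing_destinations(text, ["s27.qa.fortinet.com"]))
```

A result of None from parse_ztna_block means the client never wrote the block at all, which is the symptom described in the first post; an empty dict means the markers exist but no destination was pushed.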
