Hi ZTNA admins
We were accessing ZTNA destinations with FQDNs from our Windows Clients, but since few days we are not able anymore, without any apparent reason or change.
For now the ZTNA destinations can still be accessed by IP addresses.
Following some tests I found that FortiGate and EMS can resolve the related FQDNs properly (back-end servers).
However when trying to resolve the related FQDNs from client side I noticed that they dont resolve to the right IP addresses, but to strange addresses like 10.235.0.2, 10.235.0.3 and so, which are not part of our network!
Anyone had the same issue?
Anyone knows what is this range (10.235.0.x)? Is it internal to FCT as part of the proxy system?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @AEK ,
Yes, you are right. "10.235.0.x" address range is used for ztna proxy by FortiClient. If you check your client "hosts" file, you can see the record for your fqdn with this IP range.
I think the FortiClient proxy service is not working properly. Can you try to disable and enable the ZTNA feature from the EMS console? This will trigger ztna services on the client machine.
Thanks Ozkan for the information.
Sure I'll try it and advise.
Helped by TAC support and the issue was fixed just by using proxy rule instead of firewall rule.
I need to review my ZTNA lessons.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1662 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.