Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
AllanKakuhama
New Contributor

ZTNA for Android

I have a requirement to use ZTNA (Zero Trust Network Access) on Android devices. The devices need to communicate with some printers on the corporate network. We have already set up the ZTNA Destinations, policies, and groups, but communication doesn't work on Android devices. However, when we test it on Windows, the communication functions properly. Could you let me know if ZTNA has any compatibility issues with the Android system?

1 Solution
ozkanaltas
Valued Contributor III

Hello @AllanKakuhama ,

 

Regarding this document, ZTNA features aren't supported on Android devices. 

 

https://www.fortinet.com/products/endpoint-security/forticlient#models-specs

 

https://docs.fortinet.com/document/forticlient/7.2.0/android-administration-guide/996706/features

 

 

 

image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

View solution in original post

If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
9 REPLIES 9
ozkanaltas
Valued Contributor III

Hello @AllanKakuhama ,

 

Regarding this document, ZTNA features aren't supported on Android devices. 

 

https://www.fortinet.com/products/endpoint-security/forticlient#models-specs

 

https://docs.fortinet.com/document/forticlient/7.2.0/android-administration-guide/996706/features

 

 

 

image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
Simon7

Then why is it even possible to configure ZTNA for Android in EMS? And Android shows the ZTNA telemetry service as "running"?

ozkanaltas
Valued Contributor III

Hello @Simon7 ,

 

ZTNA telemetry service and ZTNA Remote access service are different things. 

 

With ZTNA telemetry service, you can follow your Android client status. And you can give a ztna tag to these Android clients. After that, you can use these tags on your firewall policy for conditional access (For example, ssl-vpn rules). 

 

But with ZTNA remote access service, you can access your internal resources without any ssl-vpn or local connection. Because of that, these are different things. 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
Simon7

Great information, I did not understand it in that way. Much appreciated, thanks!

ChuckieTodd

Could you explain this document?  Specifically, why does it claim support for ZTNA Remote Access on Android?  

 

https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/forticlient.pdf

Stephan_s

In the table on page 9 you see this:

 

image.png

Stephan_s
New Contributor III

There are other documents with similar tables and they have a checkmark for Android and ZTNA Remote Access. For example here:
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/forticlient.pdf

gllgeorgiev1
New Contributor

Just create MAC based policies.

dynasoft

MAC based policies do not work if interface are WAN or not connected interfaces.

 

Any update from support ZTNA Remote Acces on android?

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors