- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ZTNA for Android
I have a requirement to use ZTNA (Zero Trust Network Access) on Android devices. The devices need to communicate with some printers on the corporate network. We have already set up the ZTNA Destinations, policies, and groups, but communication doesn't work on Android devices. However, when we test it on Windows, the communication functions properly. Could you let me know if ZTNA has any compatibility issues with the Android system?
Solved! Go to Solution.
- Labels:
-
FortiClient
-
FortiClient EMS
-
FortiGate
-
ZTNA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @AllanKakuhama ,
Regarding this document, ZTNA features aren't supported on Android devices.
https://www.fortinet.com/products/endpoint-security/forticlient#models-specs
https://docs.fortinet.com/document/forticlient/7.2.0/android-administration-guide/996706/features
NSE 4-5-6-7 OT Sec - ENT FW
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @AllanKakuhama ,
Regarding this document, ZTNA features aren't supported on Android devices.
https://www.fortinet.com/products/endpoint-security/forticlient#models-specs
https://docs.fortinet.com/document/forticlient/7.2.0/android-administration-guide/996706/features
NSE 4-5-6-7 OT Sec - ENT FW
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Then why is it even possible to configure ZTNA for Android in EMS? And Android shows the ZTNA telemetry service as "running"?
Created on 05-14-2024 12:38 AM Edited on 05-14-2024 12:38 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello @Simon7 ,
ZTNA telemetry service and ZTNA Remote access service are different things.
With ZTNA telemetry service, you can follow your Android client status. And you can give a ztna tag to these Android clients. After that, you can use these tags on your firewall policy for conditional access (For example, ssl-vpn rules).
But with ZTNA remote access service, you can access your internal resources without any ssl-vpn or local connection. Because of that, these are different things.
NSE 4-5-6-7 OT Sec - ENT FW
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Great information, I did not understand it in that way. Much appreciated, thanks!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Could you explain this document? Specifically, why does it claim support for ZTNA Remote Access on Android?
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/forticlient.pdf
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In the table on page 9 you see this:
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There are other documents with similar tables and they have a checkmark for Android and ZTNA Remote Access. For example here:
https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/forticlient.pdf
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just create MAC based policies.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MAC based policies do not work if interface are WAN or not connected interfaces.
Any update from support ZTNA Remote Acces on android?