FortiClient 7.2.1
Windows 10
JetBrains/DataGrip SSH client
PuTTY 0.76
When setting up a ZTNA destination I can connect to devices using PuTTY/ssh and everything works. When using the JetBrains/DataGrip database IDE, which uses the OpenSSH library, the application never connects.
I was under the impression that ZTNA would intercept and proxy traffic based on destination address/port, but FortiClient seems to not try to proxy the OpenSSH client at all. Traffic from the IDE application is still trying to use regular routing for the ZTNA destination.
https://www.jetbrains.com/help/datagrip/configuring-ssh-and-ssl.html#ssl
From the attached screenshots, I can use the JetBrains SSH client to SSH to any destination that is not ZTNA (100.99.32.148).
I can use the Windows OpenSSH client from the CLI and get the FortiGate/FAC MFA prompt for ZTNA destination 10.235.0.1. The JetBrains client is set to use the Windows OpenSSH client.
When using this JetBrains client, the connection times out because it is trying to use my network's default gateway instead of the FortiClient proxy to reach 10.235.0.1.
Is there some way to let FortiClient know that port 22 from this application to a ZTNA destination needs to be processed by FortiClient and not use default routing?
Looks like it is the UI timing out before FortiClient can intercept the traffic. I'll take this to the JetBrains forum to see if there is something that can be changed there.