Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
aguerriero
Contributor II

Created on ‎09-07-2023 06:40 AM Edited on ‎09-07-2023 06:52 AM

ZTNA ssh proxy not working with some SSH clients.

Forticlient 7.2.1

Windows 10
JetBrains/DataGrip SSH client

Putty 0.76

When setting up a ZTNA destination I can connect to devices using putty/ssh and everything works. When using JetBrains/DataGrip database IDE that uses the openSSH library, the application never connects.

I was under the impression that ZTNA would intercept and proxy traffic based on destination address/port but the forticlient seems to not try to proxy the openSSH client at all. Traffic from the IDE application is still trying to use regular routing for the ZTNA Destination.

https://www.jetbrains.com/help/datagrip/configuring-ssh-and-ssl.html#ssl 

Labels:
823
0 Kudos
1 Solution
aguerriero
Contributor II

Created on ‎09-11-2023 06:01 AM

Looks like it is the UI timing out before the forticlient can intercept the traffic. I'll take this to the jet brains forum to see if there is something that can be changed there.

View solution in original post

735
0 Kudos
2 REPLIES 2
aguerriero
Contributor II

Created on ‎09-07-2023 08:45 AM

From the attached screenshots I can use the jetbrain ssh client to ssh to any destination that is not ztna (100.99.32.148).

I can use the windows openssh client from cli and get the fortigate/FAC MFA prompt for ztna destination 10.235.0.1. The jetbrain client is set to use the windows openssh client.

When using this netbrain client the connection times out because it is trying to use my networks default gateway instead of the forticlient proxy to reach 10.235.0.1

Is there some way to let the forticlient know that port 22 from this application to a ztna destination needs to be processed by the forticlient and not use default routing?


Jetbrain to non ztna destinationJetbrain to non ztna destinationjetbrain using openssh to ztna destinationjetbrain using openssh to ztna destinationwindows command prompt to ztna destinationwindows command prompt to ztna destination

806
0 Kudos
aguerriero
Contributor II

Created on ‎09-11-2023 06:01 AM

Looks like it is the UI timing out before the forticlient can intercept the traffic. I'll take this to the jet brains forum to see if there is something that can be changed there.

736
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.