When using FortiClient to connect to SSL-VPN, does FortiGate's firewall policy allow SSL-VPN traffic?
1. Connect to ZERO TRUST TELEMETRY and pass the ZTNA authentication. FortiClient obtains the ZTNA-EMS-TAG.
2. Connect SSL-VPN to FortiGate.
3. The FortiGate policy is as follows: Do not check the ztna-ems-tag
config firewall policy
    edit 1
        set name "Allow_sslvpn_users"
        set uuid 7f32310a-131c-511e-283d-23f23f23fcb164
        set srcintf "ssl.root"
        set dstintf "port1"
        set action accept
        set ztna-status enable
        set srcaddr "SSL_VPN"
        set dstaddr "PRIVATE"
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set av-profile "default"
        set ips-sensor "default"
        set users "test"
    next
end