Despite the following, we are still getting a barrage of brute force
login attempts on our SSL VPN.
- disabled web mode
- using non 443 port
- edited the HTML page to hide login fields
- created local-in policy to narrow sources, etc
- tweaked the logi...

Is it possible to create ZTNA rules to grant access to Microsoft
controlled shared and personal drives? I'm not a Windows guy, but I
believe that this requires some UDP ports... something not supported in
ZTNA. If somehow this is possible, I assume t...
If my proxy gateway is listening on port 9443 and the destination host
is listening on 443, do I need to point my browser at
https://example.com:9443 ? When I simply do https://example.com it
doesn't work - I need to add 9443. I thought that FCT woul...
Let's say I have a switch/AP that is being managed by a platform like
FortiManager or Mist (Juniper). If changes are made with these tools,
I'm assuming that:
- NAC will poll the switch/AP as usual and get the new parameters like VLAN ID, etc.
- Run p...

My goal is to implement FSSO for the purpose of creating firewall
policies based on group membership. The caveat is that there is no LDAP
server to provide group membership. We have a custom VPN application
that is successfully sending username-to-IP...
Thanks all - very useful ideas. Can anyone answer this question: I am
wondering if forcing the user to present a client certificate would
reduce these attempts. In other words, does the enforcement of a client
side certificate happen before a usernam...
Really want to get to the bottom of why this doesn't work - it should.
The certificate installed on the proxy gateway is the same as the one
installed on the real webserver. The client trusts this certificate. The
client properly resolves the name to...
It does work when doing TCP forwarding to 443... I think I must be
running into certificate/DNS issues.
Public Proxy Gateway IP = x.x.x.x
Public Proxy Gateway FQDN = vpn.myztna.com
Real Destination Host IP = 10.99.99.7
My client currently has a FQDN entry...
My EMS config looks correct, pushed down to client. My ZTNA config on
the gate looks correct as well. When I point my browser to
https://10.99.99.7:443 it properly sends traffic on port 9443 and hits
the ZTNA rule. The auth on the rule works as well....