Description This article describes the new settings required for SSL VPN
Azure AD Auto Connect when FortiGate is running v7.4.2 or higher.
Starting with v7.2.1, Azure AD domain joined machines are capable of
automatically connecting to an SSL VPN tun...
Description This article provides the lists of resources related to ZTNA
Access proxy and ZTNA IP/MAC Control applied to various features in
FortiGate. It has been organized in six sections that cover ZTNA usage
in: ZTNA Resource Center. EMS and Fort...
Description This article describes a possible cause of ZTNA proxy or
firewall policies failing to match when SAML authentication method is
used.This issue is likely to be triggered when FortiAuthenticator is
configured as SAML IdP. Consider a scenari...
Description This article describes a possible cause of ZTNA proxy or
firewall policies failing to be matched if Geography IP Address object
is used as source.Geography Address objects are commonly used to
restrict access to certain countries for cert...
Description This article describes a possible cause of ZTNA Tags not
synchronizing to FortiGateIf object tagging has been configured and any
entries other than the 'default' have been created, ZTNA Tags may fail
to be synchronized from FortiClient EM...
Hi Allan, You are correct. The fix is to allow for ZTNA tags to be
synchronized across all vdoms and firewalls. Regarding the NAT being
disabled after policy changes, I have already reported that to
Development as well. A proxy policy can be used wit...
For more clarity, please review the article below and track Known Issue
ID 849073 in future FortiOS release
notes.https://community.fortinet.com/t5/FortiGate/Technical-Tip-Behavior-of-ZTNA-Tags-shared-across-multiple-vdoms/ta-p/266371Thank
you, Carlo...
Hi aguerriero, Thank you for raising a case with TAC. I am sharing here
so others can benefit from your post.Development confirmed this is a
known issue registered under ID 849073 where ZTNA Tags shared across
vdoms will not work. This issue affects ...
Hi @goenacc, I just came across this post and thought I would share if
it had not been done from your TAC ticket, but this is a known issue
investigated under BUG ID 705880 - Update user group with SAML user will
update firewall policy, which is fixe...