I added a wildcard ztna destination. *.domain.com:3389When I do
nslookups I get the VIP address for every host I try to connect to in
that domain. When trying to connect via RDP nothing happens with the
fortclient. The fortitcs log doesn't show anyth...
Forticlient 7.2.1Windows 10JetBrains/DataGrip SSH clientPutty 0.76When
setting up a ZTNA destination I can connect to devices using putty/ssh
and everything works. When using JetBrains/DataGrip database IDE that
uses the openSSH library, the applicat...
I am trying to implement the shadow-ztna feature so I do not have to
host dns entries for internal resources on the public internet. I am
using the below 7.2.5 administration guide. It states that the command
is hidden but on the 200F running 7.2.5 t...
I am following the below document. The machine account that I specify
does not connect to the VPN automatically. If I manually enter the
machine username and password during vpn pre login, the VPN will
connect.https://docs.fortinet.com/document/forti...
I have been testing out a client doing various things on it and now I
get a ZTNA client certificate not provided error. Sometimes I can
connect to gateways and sometimes not. Another test forticlient is using
the exact same policy and profiles and is...
diagnose wad debug enable category alldiagnose wad debug enable level
verbosediagnose debug enableNothing from that client is shown on the
fortigate. If I create a personal destination in the forticlient using
the fqdn (hostname.domain.com:3389) that...
Looks like it is the UI timing out before the forticlient can intercept
the traffic. I'll take this to the jet brains forum to see if there is
something that can be changed there.
From the attached screenshots I can use the jetbrain ssh client to ssh
to any destination that is not ztna (100.99.32.148).I can use the
windows openssh client from cli and get the fortigate/FAC MFA prompt for
ztna destination 10.235.0.1. The jetbrai...
I am hoping the fix will be that all ZTNA tags are shared across all
firewalls and vdoms that have fabric connections to the same EMS server.
Also the workaround for only connecting to one access proxy requires
backside routing. Each of the firewalls...