aliyavuzer
Staff
Article Id 284631
Description This article describes how to use the ZTNA certificate for VPN connections on Linux.
Scope VPN Certificate authentication with ZTNA Certificate, FortiClient.
Solution

FortiOS now supports VPN authentication with a ZTNA certificate through the feature 'ZTNA device certificate verification from EMS for SSL VPN connections' (v7.2.1).

 

The FortiOS-side configuration steps are described in the following documentation:

ZTNA device certificate verification from EMS for SSL VPN connections

 

To get a ZTNA Certificate on an SSL VPN connection on Linux endpoints, configure the 'Linux Smart Card Certificate' section.

 

  • Edit the Remote Access profile, select the VPN tunnel, and select Edit.
 


 

  • Configure the 'Linux Smart Card Certificate' field with '/opt/forticlient/tpm2/lib/libtpm2_pkcs11.so' then save the profile.

 

Figure: Linux Smart Card Certificate

 

  • When the Linux endpoint receives a new profile, the ZTNA Certificate will be visible on the Remote access certificate selection tab.

 

Note: FortiClient EMS and FortiClient require v7.2.2 GA Release.
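
To confirm on the Linux endpoint that the path entered in the 'Linux Smart Card Certificate' field points at a usable PKCS#11 module, a check like the following can be run there. It is an added example, not Fortinet code: the function names are hypothetical, the group/other-write test is an assumed hardening rule, and the certificate listing assumes OpenSC's pkcs11-tool is installed.

```shell
#!/bin/sh
# Added example: sanity-check the PKCS#11 module named in the EMS profile.
# Function names are hypothetical; only the module path comes from the article.
MODULE_DEFAULT='/opt/forticlient/tpm2/lib/libtpm2_pkcs11.so'

# check_pkcs11_module PATH
# Returns 0 = usable, 1 = missing, 2 = not an ELF object,
#         3 = writable by group or others (assumed hardening rule).
check_pkcs11_module() {
    [ -f "$1" ] || return 1
    # ELF shared objects start with the bytes 7f 45 4c 46.
    _magic=$(head -c 4 < "$1" | od -An -tx1 | tr -d ' \t\n')
    [ "$_magic" = "7f454c46" ] || return 2
    # The VPN client loads this library, so only its owner should be able to
    # modify it. Characters 6 and 9 of the mode string are the group and
    # other write bits.
    _mode=$(ls -ldL -- "$1")
    case "$_mode" in
        ?????w*|????????w*) return 3 ;;
    esac
    return 0
}

# list_token_certs PATH: print the certificate objects the module exposes.
# Assumes OpenSC's pkcs11-tool; what is listed depends on the endpoint.
list_token_certs() {
    command -v pkcs11-tool >/dev/null 2>&1 || {
        echo "pkcs11-tool (OpenSC) not found; skipping certificate listing" >&2
        return 127
    }
    pkcs11-tool --module "$1" --list-objects --type cert
}

main() {
    _mod=${1:-$MODULE_DEFAULT}
    _rc=0
    check_pkcs11_module "$_mod" || _rc=$?
    case "$_rc" in
        0) echo "OK: $_mod looks like a loadable module" ;;
        1) echo "FAIL: $_mod not found (check the path in the profile)" ;;
        2) echo "FAIL: $_mod is not an ELF shared object" ;;
        3) echo "FAIL: $_mod is writable by group or others" ;;
    esac
    [ "$_rc" -ne 0 ] || list_token_certs "$_mod" || true
    return "$_rc"
}

# Usage: sh check_module.sh run [PATH]   (PATH defaults to the article's path)
[ "${1:-}" != run ] || main "${2:-}"
```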
