Configuring a ZTNA Profile

The ZTNA Profile is the ZTNA policy used to enforce access control to Layer 7 HTTPS and TCPS virtual servers. A ZTNA profile consists of one or more ZTNA rules that determine which Source IPs and ZTNA tags are allowed access, and the resulting action to take.

After you have created a ZTNA profile, you can reference the ZTNA profile in Layer 7 HTTPS and TCPS virtual server Security configurations.

Before you begin:
To create and configure a ZTNA Profile:
  1. Go to Network Security > ZTNA.
  2. Click the ZTNA Profile tab.
  3. Click Create New to display the configuration editor.
  4. Configure the following:

    Parameter     Description
    Name          Specify the ZTNA Profile name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces.
    Log Status    Enable/disable logging.
    Comments      Optionally, enter comments about the ZTNA Profile.
  5. Click Save.
    The newly created ZTNA Profile is listed under the ZTNA Profile tab.
  6. Locate the newly created ZTNA Profile on the list and double-click the row or click the Edit icon.
  7. Under Rule List, click Create New to display the configuration editor.
  8. Configure the following:

    Parameter     Description
    Source IP     Select the source IPs.
    ZTNA Tags     Select the ZTNA tags.
    Action        Select either of the following actions:
                  • Pass
                  • Deny
                  Deny is the default action.
    Comments      Optionally, enter comments about the ZTNA rule.

  9. Click Save.

Apply the Security ZTNA profile to a Layer 7 HTTPS or TCPS virtual server to activate ZTNA for server load balancing. Ensure the corresponding Client SSL profile is enabled for client certificate verification. For details, see Configuring virtual servers and Configuring client SSL profiles.
