Configuring a ZTNA Profile
The ZTNA Profile is the ZTNA policy used to enforce access control on Layer 7 HTTPS and TCPS virtual servers. A ZTNA profile consists of one or more ZTNA rules, each of which specifies the source IPs and ZTNA tags that are matched and the resulting action to take (Pass or Deny).
After you have created a ZTNA profile, you can reference the ZTNA profile in Layer 7 HTTPS and TCPS virtual server Security configurations.
Before you begin:
- You must have registered the FortiADC device through the FortiClient EMS connector. For more information, see Zero Trust Network Access (ZTNA) and Configuring FortiClient EMS Connector for ZTNA.
- You must have Read-Write permission for System settings.
To create and configure a ZTNA Profile:
- Go to Network Security > ZTNA.
- Click the ZTNA Profile tab.
- Click Create New to display the configuration editor.
- Configure the following:

| Parameter | Description |
|---|---|
| Name | Specify the ZTNA Profile name. Valid characters are A-Z, a-z, 0-9, _, and -. No spaces. |
| Log Status | Enable/disable logging. |
| Comments | Optionally, enter comments about the ZTNA Profile. |

- Click Save.
  The newly created ZTNA Profile is listed under the ZTNA Profile tab.
- Locate the newly created ZTNA Profile on the list and double-click the row or click the Edit icon.
- Under Rule List, click Create New to display the configuration editor.
- Configure the following:

| Parameter | Description |
|---|---|
| Source IP | Select the source IPs. |
| ZTNA Tags | Select the ZTNA tags. |
| Action | Select either of the following actions: Pass or Deny. Deny is the default action. |
| Comments | Optionally, enter comments about the ZTNA rule. |

- Click Save.
Apply the Security ZTNA profile to a Layer 7 HTTPS or TCPS virtual server to activate ZTNA for server load balancing. Ensure the corresponding Client SSL profile is enabled for client certificate verification. For details, see Configuring virtual servers and Configuring client SSL profiles.
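The rule evaluation described above, as an added Python model for illustration (not FortiADC code). The first-match rule order, the any-tag match logic, the log line format, and the sample networks and tag names are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed ZTNA profile in the shape the page describes: a named profile,
# a Log Status switch, and an ordered rule list of Source IP + ZTNA Tags -> Action.
# Assumptions (not stated on the page): rules are checked top-down, first
# match wins, and a rule matches when the client carries ANY of its tags.
PROFILE = {
    "name": "ztna_prof_1",
    "log_status": True,
    "rules": [
        {"source_ip": ["10.0.0.0/8"],
         "ztna_tags": {"EMS_Managed", "AV_Healthy"}, "action": "pass"},
        {"source_ip": ["192.168.50.0/24"],
         "ztna_tags": {"Quarantined"}, "action": "deny"},
    ],
}
DEFAULT_ACTION = "deny"  # per the page, Deny is the default action


def rule_matches(rule, src_ip, client_tags):
    """True when src_ip is inside one of the rule's source networks and the
    EMS-supplied client tags overlap the rule's ZTNA tags."""
    src = ip_address(src_ip)
    in_source = any(src in ip_network(net) for net in rule["source_ip"])
    return in_source and bool(rule["ztna_tags"] & set(client_tags))


def evaluate(profile, src_ip, client_tags):
    """Return (action, log_line). A client that matches no rule, e.g. one
    that EMS has not tagged at all, falls through to the default deny."""
    action, hit = DEFAULT_ACTION, None
    for idx, rule in enumerate(profile["rules"]):
        if rule_matches(rule, src_ip, client_tags):
            action, hit = rule["action"], idx
            break
    log_line = None
    if profile["log_status"]:  # constructed log format, not FortiADC's own
        log_line = (f"ztna profile={profile['name']} src={src_ip} "
                    f"tags={sorted(client_tags)} rule={hit} action={action}")
    return action, log_line


if __name__ == "__main__":
    for ip, tags in [("10.1.2.3", {"EMS_Managed"}),      # tagged, pass
                     ("10.1.2.3", set()),                 # untagged, default deny
                     ("172.16.0.9", {"EMS_Managed"}),     # source not in rule, deny
                     ("192.168.50.7", {"Quarantined"})]:  # explicit deny rule
        print(evaluate(PROFILE, ip, tags))
```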