
CLI Reference

configure security ztna-profile

Use this command to create a ZTNA profile.

The ZTNA profile is the ZTNA policy used to enforce access control to Layer 7 HTTPS and TCPS virtual servers. A ZTNA profile consists of one or more ZTNA rules that determine which source IPs and ZTNA tags are allowed access, and the resulting action to take.

After you have created a ZTNA profile, you can apply the Security ZTNA profile to a Layer 7 HTTPS or TCPS virtual server to activate ZTNA for server load balancing. Ensure the corresponding Client SSL profile is enabled for client certificate verification. For details, see config load-balance virtual-server and config load-balance client-ssl-profile.

The ZTNA profile is an integral part of the Zero Trust Network Access (ZTNA) functionality. For more information, see the FortiADC Handbook on ZTNA.

Before you begin:

Syntax

config security ztna-profile
  edit <name>
    set log {enable|disable}
    config rule-list
      edit <id>
        set source-ip <address1> <address2> … <addressn>
        set ztna-tags <tags-name1> <tags-name2> … <tags-name3>
        set action {pass|deny}
      next
    end
  next
end

log
  Enable/disable logging.

config rule-list

source-ip
  Specify the source IPs.

ztna-tags
  Specify the ZTNA tags.

action
  Select either of the following actions:
    • pass
    • deny
  The default action is deny.

Example

config security ztna-profile
  edit "low-pass"
    set log enable
    config rule-list
      edit 1
        set source-ip Any
        set ztna-tags FCTEMS8822003242_Low
        set action pass
      next
    end
  next
end
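
The following is an added example, not part of the Fortinet documentation: a small Python review script that parses a ztna-profile block in the syntax above and reports profiles where log is not enabled and pass rules whose source-ip is Any, where the source address does not narrow the match. The profile name "demo", the address name "office-net", the function names and the finding texts are assumptions made for illustration, and the input is assumed to contain only this one config block.

```python
import shlex
# Constructed input in the page's syntax; "demo" and "office-net" are made-up names.
SAMPLE = """
config security ztna-profile
  edit "demo"
    set log disable
    config rule-list
      edit 1
        set source-ip Any
        set ztna-tags FCTEMS8822003242_Low
        set action pass
      next
      edit 2
        set source-ip office-net
      next
    end
  next
end
"""

def parse_profiles(text):  # -> {profile: {"log": value, "rules": {id: {option: [values]}}}}
    profiles, profile, rule, in_rules = {}, None, None, False
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[:2] == ["config", "rule-list"]:
            in_rules = True
        elif tok[0] == "edit" and in_rules:  # rule entry; the page gives deny as the default action
            rule = profile["rules"].setdefault(tok[1], {"action": ["deny"]})
        elif tok[0] == "edit":  # profile entry
            profile = profiles.setdefault(tok[1], {"log": None, "rules": {}})
        elif tok[0] == "set" and rule is not None:
            rule[tok[1]] = tok[2:]
        elif tok[:2] == ["set", "log"] and profile is not None:
            profile["log"] = tok[2]
        elif tok[0] == "next":  # closes the current rule (or profile)
            rule = None
        elif tok[0] == "end":  # closes rule-list (or the whole block)
            in_rules = False
    return profiles

def audit(profiles):  # -> [(profile, rule id or None, finding)]
    findings = []
    for name, p in profiles.items():
        if p["log"] != "enable":
            findings.append((name, None, "log not enabled"))
        for rid, r in p["rules"].items():
            wide = "any" in [v.lower() for v in r.get("source-ip", [])]
            if r["action"] == ["pass"] and wide:
                findings.append((name, rid, "pass rule matches any source IP"))
    return findings
```

Rule 2 in the constructed input sets no action, so it is treated as deny and is not reported.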
