Configuring a ZTNA server

To configure a ZTNA server:
  1. Go to Policy & Objects > ZTNA and select the ZTNA Servers tab.
  2. Select Create New.

    The New ZTNA Server window opens.

  3. In Type, select IPv4.

    Once set up, Type cannot be changed when editing the ZTNA server.

  4. In Name, enter a name for the server.
  5. In the Network pane:
    1. In the External interface dropdown, select an external interface.

      Select Create to create a new interface.

    2. In External IP, enter the external IP address that the clients connect to.
    3. In External port, enter 389.

      By default, LDAP uses port 389.

  6. In the Services and Servers pane:
    1. In the Default certificate dropdown, select Fortinet_Factory.

      Clients are presented with this certificate when they connect to the access proxy VIP.

    2. In Service/server mapping, select Create new.

      The New Service/Server Mapping window opens.

      1. In Type, select IPv4.

        All hosted servers must be the same address type. The address type cannot be changed after the mapping is created.

      2. In Service, select TCP Forwarding.
      3. In the Servers pane, add a server by selecting Create new.

        Select an address and enter a port or a port range.

        Click OK.

      4. Click OK.
  7. Click OK.
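
Because Type and the mapping's address type cannot be changed once created, the planned values can be checked before they are entered. The following pre-flight check is an added example, not Fortinet code; the dictionary layout, field names and sample addresses are assumptions for illustration, and server addresses are written as literal IPs rather than FortiGate address objects.

```python
import ipaddress

FAMILY = {"IPv4": 4, "IPv6": 6}  # GUI "Type" value -> IP version

def parse_ports(spec):
    """Parse a port ('636') or port range ('8000-8010') into (low, high)."""
    low, sep, high = str(spec).strip().partition("-")
    if not sep:
        high = low
    if not (low.isdigit() and high.isdigit()):
        raise ValueError(f"not a port or port range: {spec!r}")
    lo, hi = int(low), int(high)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"port out of range or reversed: {spec!r}")
    return lo, hi

def family_ok(address, addr_type):
    """True if the address (host or CIDR) matches the selected address type."""
    try:
        return ipaddress.ip_network(address, strict=False).version == FAMILY[addr_type]
    except (ValueError, KeyError):
        return False

def preflight(server):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    if not family_ok(server["external_ip"], server["type"]):
        problems.append(f"External IP {server['external_ip']} is not {server['type']}")
    try:
        parse_ports(server["external_port"])
    except ValueError as exc:
        problems.append(f"External port: {exc}")
    for i, mapping in enumerate(server["mappings"], 1):
        for srv in mapping["servers"]:
            # All hosted servers in a mapping must share the mapping's address type.
            if not family_ok(srv["address"], mapping["type"]):
                problems.append(f"mapping {i}: {srv['address']} is not {mapping['type']}")
            try:
                parse_ports(srv["ports"])
            except ValueError as exc:
                problems.append(f"mapping {i}: {exc}")
    return problems

# Constructed sample (documentation address ranges); the second server is wrong on purpose.
SAMPLE = {"type": "IPv4", "external_ip": "203.0.113.10", "external_port": "389",
          "mappings": [{"type": "IPv4", "servers": [
              {"address": "192.0.2.20", "ports": "389"},
              {"address": "2001:db8::20", "ports": "636-389"}]}]}
if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE)))
```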
