Configuring a zero trust tunnel example
For information on Zero Trust Network Access (ZTNA), see Zero Trust Network Access introduction in the FortiOS Admin Guide.
This example shows zero trust tunnel-related configuration for FortiAuthenticator.
For detailed zero trust tunnel configuration, including setting up a remote zero trust server, see the Setting up a zero trust tunnel recipe in the FortiAuthenticator Cookbook on the Fortinet Docs Library.
Configuring a zero trust tunnel on FortiAuthenticator
To configure a zero trust tunnel:
- Go to System > Network > Zero Trust Tunnels.
- Select Create New.
The Create New Zero Trust Tunnel window opens.
- In Name, enter a name for the zero trust tunnel.
- In URL, enter a URL specifying the IP/FQDN and port for the ZTNA server, e.g., https://fac.school.net:8443/.
- In the Client certificate dropdown, select a certificate. This certificate is presented by FortiAuthenticator to authenticate itself to the ZTNA server, so it must be issued by a CA that the ZTNA server trusts for client authentication.
- Click Save.
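Before saving the tunnel, it is worth confirming that the ZTNA server URL is well-formed and that the certificate you are about to select is actually accepted by the server. The script below is an added example, not FortiAuthenticator or Fortinet code, that does that from any workstation with Python: it checks the URL the way the URL step expects it (https scheme, host and port, no embedded credentials), then completes a mutual-TLS handshake to the server presenting the same client certificate and key. The URL is the page's own example; the file names client.pem, client-key.pem and ca.pem are assumptions.

```python
"""Pre-flight check for a FortiAuthenticator zero trust tunnel definition.

Added example, not FortiAuthenticator code. It validates the tunnel URL and
then performs a TLS handshake against the ZTNA server with the client
certificate that will be selected in the GUI, so a wrong certificate or an
unreachable port is caught before the tunnel is saved.
"""
import socket
import ssl
from urllib.parse import urlsplit


def parse_ztna_url(url: str) -> tuple[str, int]:
    """Return (host, port) for a tunnel URL, rejecting anything but https.

    The ZTNA server is always reached over TLS, so an http:// URL or a URL
    without a hostname is a configuration error, not something to fall back
    from. A missing port means the https default, 443.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError(f"tunnel URL must use https, got {parts.scheme!r}")
    if not parts.hostname:
        raise ValueError("tunnel URL has no hostname")
    if parts.username or parts.password:
        raise ValueError("do not embed credentials in the tunnel URL")
    port = parts.port if parts.port is not None else 443
    return parts.hostname, port


def check_ztna_server(url: str, cert_file: str, key_file: str,
                      ca_file: str, timeout: float = 5.0) -> dict:
    """Open an mTLS connection to the ZTNA server and describe the peer.

    The handshake presents the client certificate/key the tunnel will use.
    A server that requires a client certificate and rejects this one fails
    here with ssl.SSLError instead of failing silently later, when the LDAP
    lookups through the tunnel start timing out.
    """
    host, port = parse_ztna_url(url)
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            peer = tls.getpeercert()
            return {
                "protocol": tls.version(),
                "peer_subject": dict(rdn[0] for rdn in peer["subject"]),
                "peer_not_after": peer["notAfter"],
            }


if __name__ == "__main__":
    # The URL is the page's example; the file names are hypothetical.
    print(check_ztna_server("https://fac.school.net:8443/",
                            "client.pem", "client-key.pem", "ca.pem"))
```

The CA file should contain the CA that signed the ZTNA server's certificate, not the CA that issued the client certificate; the two are often different. If the handshake fails with a "certificate required" or "unknown ca" alert, the server does not trust the issuer of the client certificate, which is exactly what the tunnel would hit after Save.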
Configuring an LDAP server with zero trust tunnel enabled on FortiAuthenticator
To configure an LDAP server:
- Go to Authentication > Remote Auth. Servers > LDAP, and select Create New.
- In Create New LDAP server:
- In Name, enter a name.
- Enable Use Zero Trust tunnel and from the dropdown select a zero trust tunnel.
- In Primary Server IP, enter the IP address/FQDN of the LDAP server.
- In Port, enter the port number the LDAP server listens on (389 by default for LDAP, 636 for LDAPS).
- In Base distinguished name, enter a base distinguished name.
- In Bind Type, select Regular, then enter the username and password of the account FortiAuthenticator will use to bind to the LDAP server. Prefer a dedicated read-only service account with only the rights needed to search the base DN over a full directory administrator account.
- Click Save.
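With Bind Type set to Regular, FortiAuthenticator connects to the LDAP server through the tunnel, performs an LDAPv3 simple bind with the username and password entered above, and then searches under the base DN. The script below is an added example, not Fortinet code, that performs that simple bind by hand (RFC 4511 BindRequest/BindResponse, BER-encoded, standard library only) so you can confirm the bind DN and password, and see the result code the directory returns, before saving the entry. Run it from a host that can reach the LDAP server directly; it does not traverse the zero trust tunnel. The host name ldap.school.net, the bind DN and the password are assumptions.

```python
"""LDAPv3 simple bind by hand, to check a FortiAuthenticator "Regular" bind
account. Added example, not FortiAuthenticator or Fortinet code.
"""
import socket
import ssl


def ber_len(n: int) -> bytes:
    """BER definite length: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(payload)) + payload


def int_tlv(n: int) -> bytes:
    """INTEGER, minimal two's-complement encoding."""
    return tlv(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))


def encode_bind_request(message_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] }."""
    bind = (
        tlv(0x02, b"\x03")                      # version INTEGER 3
        + tlv(0x04, bind_dn.encode())           # name LDAPDN
        + tlv(0x80, password.encode())          # authentication [0] simple
    )
    return tlv(0x30, int_tlv(message_id) + tlv(0x60, bind))


def read_tlv(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the TLV starting at buf[pos]."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first & 0x80:
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(msg: bytes):
    """Return (message_id, result_code, diagnostic_message)."""
    tag, body, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = read_tlv(body)
    op_tag, op, _ = read_tlv(body, pos)
    if op_tag != 0x61:                          # [APPLICATION 1] BindResponse
        raise ValueError(f"unexpected protocolOp tag {op_tag:#x}")
    _, code, pos = read_tlv(op)                 # resultCode ENUMERATED
    _, _matched, pos = read_tlv(op, pos)        # matchedDN (unused here)
    _, diag, _ = read_tlv(op, pos)              # diagnosticMessage
    return (int.from_bytes(mid, "big", signed=True),
            int.from_bytes(code, "big"), diag.decode(errors="replace"))


RESULT_NAMES = {0: "success", 7: "authMethodNotSupported", 8: "strongerAuthRequired",
                34: "invalidDNSyntax", 49: "invalidCredentials", 53: "unwillingToPerform"}


def _recv_message(sock) -> bytes:
    """Read exactly one BER-framed LDAPMessage from the socket."""
    data = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed the connection before replying")
        data += chunk
        if len(data) >= 2:
            first = data[1]
            header = 2 + ((first & 0x7F) if first & 0x80 else 0)
            if len(data) >= header:
                _, _, end = read_tlv(data)
                if len(data) >= end:
                    return data[:end]


def ldap_simple_bind(host, port, bind_dn, password, use_tls=False, timeout=5.0):
    """Bind and return (result_code, result_name, diagnostic_message)."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_tls:  # LDAPS (normally 636); plain LDAP sends the password in clear
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(encode_bind_request(1, bind_dn, password))
        mid, code, diag = parse_bind_response(_recv_message(sock))
    if mid != 1:
        raise ValueError(f"response messageID {mid} does not match the request")
    return code, RESULT_NAMES.get(code, "other"), diag


if __name__ == "__main__":
    # Hypothetical host, bind DN and password: replace with your own values.
    print(ldap_simple_bind("ldap.school.net", 636,
                           "cn=fac-bind,ou=service,dc=school,dc=net",
                           "change-me", use_tls=True))
```

A result code of 49 (invalidCredentials) means the DN or password is wrong, 53 (unwillingToPerform) typically means the directory refuses simple binds over an unencrypted connection, and 8 (strongerAuthRequired) means it wants TLS first. Because the simple bind carries the password in clear, use the TLS option and port 636 whenever the directory supports it; the tunnel only protects the hop from FortiAuthenticator to the ZTNA server, not the hop from there to the LDAP server.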