Fortinet black logo

New Features

Home FortiClient 7.0.0 New Features

Browser as external user agent for ZTNA user authentication 7.0.3

7.0.0
7.2.0
7.0.0
6.4.0
6.2.3
6.2.2
6.2.1
6.2.0
Copy Link
Copy Doc ID c7e1b029-a797-11eb-b70b-00505692583a:682389
Download PDF

Browser as external user agent for ZTNA user authentication 7.0.3

Using a browser as an external user agent for zero trust network access (ZTNA) user authentication requires the following:

  • The FortiGate and EMS must be connected as part of a Fortinet Security Fabric.
  • You must have properly configured ZTNA settings in FortiOS.
  • FortiClient must be registered to EMS.
  • You must have configured ZTNA rules in EMS or FortiClient.

The following shows the topology for this example:

To add a ZTNA rule in FortiClient:
  1. Go to ZTNA Connection Rules.
  2. Click Add Rule.
  3. Configure a rule as desired. Enable Use external browser as user-agent for saml user authentication. This example configures an SSH server.
  4. Click Create.

To verify the configuration:
  1. Attempt to connect to the configured SSH server.
  2. The browser may display a prompt to select a certificate for authentication. If so, install the desired certificate as directed. The browser displays a FortiAuthenticator authentication web portal.

  3. Log in via the browser. The endpoint can now access the SSH server.
Previous
Next

Browser as external user agent for ZTNA user authentication 7.0.3

Using a browser as an external user agent for zero trust network access (ZTNA) user authentication requires the following:

  • The FortiGate and EMS must be connected as part of a Fortinet Security Fabric.
  • You must have properly configured ZTNA settings in FortiOS.
  • FortiClient must be registered to EMS.
  • You must have configured ZTNA rules in EMS or FortiClient.

The following shows the topology for this example:

To add a ZTNA rule in FortiClient:
  1. Go to ZTNA Connection Rules.
  2. Click Add Rule.
  3. Configure a rule as desired. Enable Use external browser as user-agent for saml user authentication. This example configures an SSH server.
  4. Click Create.

To verify the configuration:
  1. Attempt to connect to the configured SSH server.
  2. The browser may display a prompt to select a certificate for authentication. If so, install the desired certificate as directed. The browser displays a FortiAuthenticator authentication web portal.

  3. Log in via the browser. The endpoint can now access the SSH server.
Previous
Next