Browser as external user agent for ZTNA user authentication 7.0.3

Using a browser as an external user agent for Zero Trust Network Access user authentication requires the following:

  • The FortiGate and EMS must be connected as part of a Fortinet Security Fabric.
  • You must have properly configured ZTNA settings in FortiOS.
  • FortiClient must be registered to EMS.
  • You must have configured ZTNA rules in EMS or FortiClient.

The following shows the topology for this example:

To add a ZTNA rule in FortiClient:
  1. Go to ZTNA Connection Rules.
  2. Click Add Rule.
  3. Configure a rule as desired. Enable Use external browser as user-agent for saml user authentication. This example configures an SSH server.
  4. Click Create.

To verify the configuration:
  1. Attempt to connect to the configured SSH server.
  2. The browser may display a prompt to select a certificate for authentication. If so, install the desired certificate as directed. The browser displays a FortiAuthenticator authentication web portal.
  3. Log in via the browser. The endpoint can now access the SSH server.
