Provisioning ZTNA TCP forwarding rules via EMS 7.0.1
You can configure ZTNA TCP forwarding rules on the XML Configuration tab in an endpoint profile in EMS to push the same rules to multiple endpoints, instead of manually configuring the rules on each endpoint.
To configure ZTNA TCP forwarding rules via EMS:
- In EMS, go to Endpoint Profiles > Manage Profiles.
- Select the desired profile.
- On the XML Configuration tab, edit the existing configuration to include the ZTNA rules elements. The following provides an example with two rules:
<ztna>
  <enabled>1</enabled>
  <enable_chrome>0</enable_chrome>
  <rules>
    <rule>
      <name>Salesforce</name>
      <destination>salesforce.fortinet.com</destination>
      <gateway>204.74.24.19</gateway>
      <mode>transparent</mode>
      <encryption>0</encryption>
    </rule>
    <rule>
      <name>Finance</name>
      <destination>finance.fortinet.com</destination>
      <gateway>204.54.24.19</gateway>
      <mode>transparent</mode>
      <encryption>0</encryption>
    </rule>
  </rules>
</ztna>
- Save the profile. After the endpoint receives the profile updates from EMS, you can find the TCP forwarding rules on the FortiClient ZTNA Connection Rules tab.
FortiClient does not currently support enabling encryption for a ZTNA rule using XML configuration. If you configure |
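Because one profile pushes the same rules to many endpoints, it helps to check the <ztna> block before saving it. The following is an added example, not part of the original documentation or of EMS: the function name lint_ztna, the sample hosts and addresses, and the duplicate name/destination check are assumptions of this example, while the required elements and the encryption check follow the example and note above.

```python
import xml.etree.ElementTree as ET

# Child elements that every <rule> carries in the page's example.
REQUIRED = ("name", "destination", "gateway", "mode", "encryption")

# Constructed sample (not from the page): documentation-range addresses and hosts.
SAMPLE = """<ztna><enabled>1</enabled><rules>
<rule><name>CRM</name><destination>crm.example.com</destination>
  <gateway>192.0.2.10</gateway><mode>transparent</mode><encryption>0</encryption></rule>
<rule><name>Finance</name><destination>finance.example.com</destination>
  <gateway>192.0.2.20</gateway><mode>transparent</mode><encryption>1</encryption></rule>
<rule><name>CRM-old</name><destination>CRM.example.com</destination>
  <mode>transparent</mode><encryption>0</encryption></rule>
</rules></ztna>"""

def _text(rule, tag):
    """Stripped text of a child element, or '' when it is absent or empty."""
    return (rule.findtext(tag) or "").strip()

def lint_ztna(xml_text):
    """Return a list of findings for a <ztna> block; an empty list means clean."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    # Accept either a bare <ztna> element or a larger profile that contains one.
    ztna = root if root.tag == "ztna" else root.find(".//ztna")
    if ztna is None:
        return ["no <ztna> element found"]
    rules = ztna.findall("./rules/rule")
    findings = [] if rules else ["no <rule> elements under <rules>"]
    seen = {"name": {}, "destination": {}}  # value -> index of first rule using it
    for idx, rule in enumerate(rules, start=1):
        label = _text(rule, "name") or f"rule #{idx}"
        for tag in REQUIRED:
            if not _text(rule, tag):
                findings.append(f"{label}: missing or empty <{tag}>")
        # The page notes that enabling encryption through XML is not supported.
        if (_text(rule, "encryption") or "0") != "0":
            findings.append(f"{label}: <encryption> is not 0 (not supported via XML)")
        for tag, first in seen.items():
            value = _text(rule, tag).lower()  # host names compare case-insensitively
            if value in first:
                findings.append(f"{label}: duplicate <{tag}> '{value}' (first in rule #{first[value]})")
            elif value:
                first[value] = idx
    return findings

if __name__ == "__main__":
    print("\n".join(lint_ztna(SAMPLE)) or "clean")
```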