Provisioning ZTNA TCP forwarding rules via EMS 7.0.1

You can configure ZTNA TCP forwarding rules on the XML Configuration tab in an endpoint profile in EMS to push the same rules to multiple endpoints, instead of manually configuring the rules on each endpoint.

To configure ZTNA TCP forwarding rules via EMS:
  1. In EMS, go to Endpoint Profiles > Manage Profiles.
  2. Select the desired profile.
  3. On the XML Configuration tab, edit the existing configuration to include the ZTNA rules elements. The following provides an example with two rules:

    <ztna>
      <enabled>1</enabled>
      <enable_chrome>0</enable_chrome>
      <rules>
        <rule>
          <name>Salesforce</name>
          <destination>salesforce.fortinet.com</destination>
          <gateway>204.74.24.19</gateway>
          <mode>transparent</mode>
          <encryption>0</encryption>
        </rule>
        <rule>
          <name>Finance</name>
          <destination>finance.fortinet.com</destination>
          <gateway>204.54.24.19</gateway>
          <mode>transparent</mode>
          <encryption>0</encryption>
        </rule>
      </rules>
    </ztna>

  4. Save the profile. After the endpoint receives the profile updates from EMS, you can find the TCP forwarding rules on the FortiClient ZTNA Connection Rules tab.

Note

FortiClient does not currently support enabling encryption for a ZTNA rule using XML configuration. If you configure <encryption> as 1, encryption remains disabled for the rule in FortiClient.
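
Because the same fragment is pushed to every endpoint in the profile, it is worth checking it before saving. The following is an added example, not Fortinet code: a small pre-push lint for the `<ztna>` fragment that flags rules where `<encryption>` is set to 1 (which the Note above says has no effect). The function name `lint_ztna`, the required-field list (taken from the elements shown in the example above), and the duplicate-destination check are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Child elements every <rule> carries in the example above (assumed to be the expected set).
RULE_FIELDS = ("name", "destination", "gateway", "mode", "encryption")

# Constructed sample: the page's fragment with three deliberate problems added.
SAMPLE = """
<ztna>
  <enabled>1</enabled>
  <enable_chrome>0</enable_chrome>
  <rules>
    <rule>
      <name>Salesforce</name>
      <destination>salesforce.fortinet.com</destination>
      <gateway>204.74.24.19</gateway>
      <mode>transparent</mode>
      <encryption>1</encryption>
    </rule>
    <rule>
      <name>Finance</name>
      <destination>salesforce.fortinet.com</destination>
      <mode>transparent</mode>
      <encryption>0</encryption>
    </rule>
  </rules>
</ztna>
"""

def lint_ztna(xml_text):
    """Return a list of (rule_name, finding) tuples for a <ztna> fragment."""
    root = ET.fromstring(xml_text)
    findings, seen_dest = [], {}
    for idx, rule in enumerate(root.findall("./rules/rule"), start=1):
        name = (rule.findtext("name") or "").strip() or f"rule #{idx}"
        for field in RULE_FIELDS:
            if not (rule.findtext(field) or "").strip():
                findings.append((name, f"missing <{field}>"))
        # Per the Note: FortiClient keeps encryption disabled even when this is 1.
        if (rule.findtext("encryption") or "").strip() == "1":
            findings.append((name, "encryption=1 is ignored; rule stays unencrypted"))
        # Assumption of this example: one destination should map to one rule.
        dest = (rule.findtext("destination") or "").strip().lower()
        if dest and dest in seen_dest:
            findings.append((name, f"destination duplicates rule {seen_dest[dest]!r}"))
        seen_dest.setdefault(dest, name)
    return findings

if __name__ == "__main__":
    for rule_name, finding in lint_ztna(SAMPLE):
        print(f"{rule_name}: {finding}")
```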
