Fortinet white logo
Fortinet white logo

EMS Administration Guide

Zero Trust Tags

Zero Trust Tags

Zero trust network access (ZTNA) is an access control method that uses client device identification, authentication, and Zero Trust tags to provide role-based application access. It gives administrators the flexibility to manage network access for on-net local users and off-net remote users. Access to applications is granted only after verifying the device, authenticating the user’s identity, authorizing the user, and then performing context-based posture checks using Zero Trust tags.

Traditionally, a user and device have different rule sets for on-net access and off-net VPN access to company resources. With a distributed workforce and access that spans company networks, data centers, and cloud, managing the rules can become complex. User experience is also affected when multiple VPNs are needed to get to various resources. ZTNA can improve this experience.

You can create Zero Trust tagging rules for endpoints based on their operating system versions, logged in domains, running processes, and other criteria. EMS uses the rules to dynamically group endpoints. FortiOS can use the dynamic endpoint groups to build dynamic policy rules.

When using ZTNA, configuring dynamic DNS (DDNS) updates as Secure only is not supported.

See the Zero Trust Application Gateway Admin Guide for information about ZTNA.

Zero Trust Tags

Zero Trust Tags

Zero trust network access (ZTNA) is an access control method that uses client device identification, authentication, and Zero Trust tags to provide role-based application access. It gives administrators the flexibility to manage network access for on-net local users and off-net remote users. Access to applications is granted only after verifying the device, authenticating the user’s identity, authorizing the user, and then performing context-based posture checks using Zero Trust tags.

Traditionally, a user and device have different rule sets for on-net access and off-net VPN access to company resources. With a distributed workforce and access that spans company networks, data centers, and cloud, managing the rules can become complex. User experience is also affected when multiple VPNs are needed to get to various resources. ZTNA can improve this experience.

You can create Zero Trust tagging rules for endpoints based on their operating system versions, logged in domains, running processes, and other criteria. EMS uses the rules to dynamically group endpoints. FortiOS can use the dynamic endpoint groups to build dynamic policy rules.

When using ZTNA, configuring dynamic DNS (DDNS) updates as Secure only is not supported.

See the Zero Trust Application Gateway Admin Guide for information about ZTNA.