FortiClient EMS auto-detects FortiGate configuration of non-web ZTNA applications 7.4.1
FortiClient EMS uses its Fabric Connector to the FortiGate to retrieve non-web (TCP forwarding) ZTNA applications configured on the FortiGate and adds them to its new ZTNA Applications Catalog. When the EMS Administrator creates a ZTNA Remote Access profile, they can choose applications from the ZTNA Applications Catalog, no longer needing to re-define them in EMS.
To auto-detect configuration of non-web ZTNA applications:
1. Configure the FortiGate ZTNA application rule:
   a. Go to Policy & Objects > ZTNA > ZTNA Servers.
      FortiOS should be on version 7.4.4 or above.
   b. Click Create New.
   c. Configure the ZTNA server.
   d. Click OK.
2. Create the Fabric connection between the FortiGate and FortiClient EMS:
   a. Go to Security Fabric > Fabric Connectors.
   b. Select the FortiClient EMS card.
   c. Enter the FortiClient EMS IP address and authorize the Fabric connection.
3. On FortiClient EMS, go to Fabric & Connectors > Fabric Devices > Standalone devices. The FortiGate Fabric connection is visible.
4. Go to Fabric & Connectors > ZTNA Applications Catalog. You can switch between Applications View and Gateway View.
   - Applications View displays auto-detected and manually added ZTNA applications.
   - Gateway View displays ZTNA applications by ZTNA proxy gateway.
5. Select which applications to provision as part of the ZTNA Destinations profile onto endpoint groups:
   a. Go to Endpoint Profiles > ZTNA Destinations.
   b. In the Default (Advanced) profile, under Rules, click Add.
   c. Select the required applications in the ZTNA applications dialog.
   d. Click Finish.
   e. Save the profile.
6. On the endpoint, in FortiClient, go to ZTNA Destination. The list is populated with the ZTNA applications learned from the FortiGate through FortiClient EMS.