7.0.0

What is ZTNA architecture?

With the ZTNA access proxy, the endpoint forms a secure connection without a dial-up VPN tunnel, and access can be narrowed to specific applications, which shrinks the attack surface. The following are common ZTNA use cases:

| Use Case | Description |
|---|---|
| Web application access proxy | Access to web applications over HTTPS using the ZTNA access proxy |
| TCP forward access proxy (TFAP) | Access to other applications with the ZTNA TCP forward access proxy |
| ZTNA identity and posture | Use ZTNA rules to tag endpoints with identity or posture telemetry |
| Identity Provider (IdP) integration | Integrate different types of IdPs for use with multi-factor authentication (MFA) |

Following is an example ZTNA architecture:

Whether users are located within the corporate network in HQ or located remotely in a coffee shop, in a home, or at a branch office, they can access internal resources securely by using ZTNA without additional VPN connections. The FortiGate access proxy verifies device identity, user identity, device health, geolocation, time, and application permissions before allowing access to provide a consistent user experience inside and outside the corporate network. This document explores the details of this ZTNA architecture further and dives into each component and design considerations for your environment.
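The access decision described above, as an added illustration that is not FortiGate code: a small model in which every check (device identity, user identity, device posture, geolocation, time window, application permission) must pass before a connection is proxied, and any single failure denies with a reason. The field names, posture tags, rule and sample requests are all constructed for this example and are not FortiOS identifiers.

```python
"""Toy model of a ZTNA access-proxy decision (added example, not FortiGate code).

The point it demonstrates is fail-closed evaluation: the proxy starts from
"deny", walks every check in turn, and only proxies the connection when all
of them pass. Field names, tags and sample data are constructed.
"""
from dataclasses import dataclass, field
from datetime import time
from typing import Optional, Set, Tuple


@dataclass
class AccessRequest:
    device_cert_verified: bool                       # client certificate validated
    user: Optional[str]                              # authenticated user, None if not
    posture_tags: Set[str] = field(default_factory=set)  # tags from endpoint telemetry
    country: str = ""                                # geolocation of the source address
    local_time: time = time(0, 0)                    # time of the request
    application: str = ""                            # application being requested


@dataclass
class AccessRule:
    application: str
    allowed_users: Set[str]
    required_tags: Set[str]       # posture tags that must ALL be present
    allowed_countries: Set[str]
    window_start: time
    window_end: time


def evaluate(req: AccessRequest, rule: AccessRule) -> Tuple[bool, str]:
    """Return (allowed, reason). Default is deny; every check must pass."""
    if req.application != rule.application:
        return False, "no rule for application"
    if not req.device_cert_verified:
        return False, "device identity not verified"
    if req.user is None or req.user not in rule.allowed_users:
        return False, "user not authorised for application"
    missing = rule.required_tags - req.posture_tags
    if missing:
        return False, f"posture tags missing: {sorted(missing)}"
    if req.country not in rule.allowed_countries:
        return False, f"geolocation {req.country!r} not allowed"
    if not (rule.window_start <= req.local_time <= rule.window_end):
        return False, "outside permitted time window"
    return True, "all checks passed"


# Constructed rule: HR portal, two users, two posture tags, business hours only.
HR_RULE = AccessRule(
    application="hr-portal",
    allowed_users={"alice", "bob"},
    required_tags={"av-running", "disk-encrypted"},
    allowed_countries={"US", "CA"},
    window_start=time(7, 0),
    window_end=time(19, 0),
)


def demo() -> Tuple[Tuple[bool, str], ...]:
    """Evaluate four constructed requests; only the first should be allowed."""
    healthy = AccessRequest(True, "alice", {"av-running", "disk-encrypted"},
                            "US", time(9, 30), "hr-portal")
    no_encryption = AccessRequest(True, "alice", {"av-running"},
                                  "US", time(9, 30), "hr-portal")
    unverified_device = AccessRequest(False, "bob", {"av-running", "disk-encrypted"},
                                      "CA", time(10, 0), "hr-portal")
    after_hours = AccessRequest(True, "bob", {"av-running", "disk-encrypted"},
                                "CA", time(22, 15), "hr-portal")
    return tuple(evaluate(r, HR_RULE)
                 for r in (healthy, no_encryption, unverified_device, after_hours))


if __name__ == "__main__":
    for allowed, reason in demo():
        print("ALLOW" if allowed else "DENY ", "-", reason)
```

The order of checks matters only for the reason reported, not for the outcome: because the function returns on the first failure and never reaches "allow" by default, adding a new check (for example, a second posture tag) can only make the policy stricter, which is the property you want from an access proxy that sits in front of internal applications.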

Audience

Mid-level network and security architects in companies of all sizes and verticals should find this guide helpful.

About this guide

This guide is meant to provide high-level insight into architectures for different zero trust use cases. It is meant to be used in conjunction with the other technical documentation for each of the components listed in the guide. Where relevant, links to the administration guides and other technical reference guides are provided. See also More information.
