Fortinet black logo

ZTNA Architecture

Home FortiGate / FortiOS 7.0.0 ZTNA Architecture
7.0.0
7.0.0

Summary

Summary

In summary, while designing your Zero Trust Access solution, consider where you would apply ZTNA access proxy and where you would apply ZTNA secure access. Both rely on ZTNA tags and rules, but ZTNA access proxy considers further the identity of connecting devices and secures traffic between the user and the FortiGate access proxy. Therefore, it is the more appropriate solution for remote access.

When using ZTNA access proxy, it is also important to consider when to apply HTTPS access proxy or TCP forwarding access proxy. Generally, web applications will fall under the former, and non-web applications, such as RDP, will fall under the latter. A special SSH access proxy is also available for SSH-based access and integration with SSH servers. Finally, each type of access proxy also supports load-balancing. When scaling and redundancy are needed, you can define multiple servers to load-balance traffic between them.

Previous
Next

Summary

In summary, while designing your Zero Trust Access solution, consider where you would apply ZTNA access proxy and where you would apply ZTNA secure access. Both rely on ZTNA tags and rules, but ZTNA access proxy considers further the identity of connecting devices and secures traffic between the user and the FortiGate access proxy. Therefore, it is the more appropriate solution for remote access.

When using ZTNA access proxy, it is also important to consider when to apply HTTPS access proxy or TCP forwarding access proxy. Generally, web applications will fall under the former, and non-web applications, such as RDP, will fall under the latter. A special SSH access proxy is also available for SSH-based access and integration with SSH servers. Finally, each type of access proxy also supports load-balancing. When scaling and redundancy are needed, you can define multiple servers to load-balance traffic between them.

Previous
Next