What is ZTNA?

7.0.0
ZTNA, by industry standards, is a product or service that protects applications by allowing only trusted entities access to the application. Trust is determined by a trust broker that continually verifies the identity and context of the connecting entity while performing access control based on these factors. Lateral movement within the protected application and network is limited, further reducing the attack surface exposed to compromised hosts.

As you ponder the definition and how this applies to your organization, ask yourself these important questions:

  • Who are the entities (users, devices, and security posture) that we trust? What are the characteristics of entities we do not trust?
  • What are the applications and resources that we want to protect? What are the levels of trust required to access these applications?
  • Where are the trusted entities connecting from? Where are the protected applications located?
  • How are the trusted entities connecting to the protected applications?

To visualize this, consider the following example of a ZTNA solution delivered by Fortinet.

In this example, trusted entities are corporate users and devices accessing from homes, coffee shops, regional offices, and within the corporate headquarters (HQ). They require access to application servers within the internal server VLAN of the corporate HQ and application servers in the cloud. They may be accessing the application servers using remote desktop (RDP), SSH, HTTPS, SMB, or other means.

Traditionally, remote users have VPN access to each of the protected networks, which requires multiple remote tunnels to be established. Internal clients may inadvertently be allowed more access than they need, such as access to the DMZ network.

ZTNA assumes that no user or device is trusted until the trust broker confirms that the device and user are who they claim to be, and that their security posture complies with company standards. This greatly reduces unauthorized access from an unknown device using stolen credentials, and the chance of a compromised host reaching protected resources. Role-based access control limits lateral movement and enforces consistent access control based on access level, regardless of where the entity connects from.
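To make the trust broker's decision concrete, the following is an added illustration (not Fortinet code, and not how FortiOS implements ZTNA): a toy policy evaluator that grants access to an application only when the device is enrolled, the device posture passes the checks the application requires, and the user holds an allowed role. Network location is carried along but deliberately never consulted, and the decision is re-run on every request so a posture change mid-session revokes access. All entities, applications, device inventory and posture checks are constructed sample data.

```python
"""Toy ZTNA trust-broker policy evaluator (added illustration, not Fortinet code).

Models the decision described in the text: identity, device enrolment,
posture and role decide access; network location grants nothing by itself.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List


@dataclass
class Entity:
    """A connecting user on a device, with the posture the broker observed."""
    user: str
    roles: FrozenSet[str]
    device_id: str
    posture: Dict[str, bool]  # constructed checks, e.g. {"av_running": True}
    location: str             # "hq", "branch", "home", ... (informational only)


@dataclass
class Application:
    """A protected application and the trust it requires."""
    name: str
    allowed_roles: FrozenSet[str]
    required_posture: FrozenSet[str]


@dataclass
class Decision:
    allowed: bool
    reasons: List[str]  # empty when allowed


# Constructed inventory of devices the broker has enrolled (device identity).
TRUSTED_DEVICES = frozenset({"laptop-0001", "laptop-0002"})


def evaluate(entity: Entity, app: Application) -> Decision:
    """Per-request access decision based on device, posture and role.

    Location is intentionally not consulted: an HQ host and a coffee-shop
    host are held to the same checks, which is what removes the implicit
    trust a flat internal network would otherwise grant.
    """
    reasons: List[str] = []
    if entity.device_id not in TRUSTED_DEVICES:
        reasons.append(f"device {entity.device_id} is not enrolled")
    failed = sorted(c for c in app.required_posture if not entity.posture.get(c, False))
    if failed:
        reasons.append("posture checks failed: " + ", ".join(failed))
    if not (entity.roles & app.allowed_roles):
        reasons.append(f"no role grants access to {app.name}")
    return Decision(allowed=not reasons, reasons=reasons)


def session_requests(entity_states: List[Entity], app: Application) -> List[bool]:
    """Continual verification: re-evaluate on every request, so a posture
    change mid-session (e.g. antivirus stops) revokes access without a new login."""
    return [evaluate(e, app).allowed for e in entity_states]


# --- constructed scenarios matching the cases in the text -------------------
RDP_SERVER = Application("hq-rdp-server", frozenset({"it-admin"}),
                         frozenset({"av_running", "disk_encrypted"}))
DMZ_WEB = Application("dmz-web", frozenset({"web-ops"}), frozenset({"av_running"}))
HEALTHY = {"av_running": True, "disk_encrypted": True}


def scenario_stolen_credentials() -> Decision:
    """Valid user and role, but from a device the broker never enrolled: denied."""
    e = Entity("alice", frozenset({"it-admin"}), "unknown-box", HEALTHY, "home")
    return evaluate(e, RDP_SERVER)


def scenario_remote_compliant() -> Decision:
    """Same user on an enrolled, compliant laptop from a coffee shop: allowed."""
    e = Entity("alice", frozenset({"it-admin"}), "laptop-0001", HEALTHY, "coffee_shop")
    return evaluate(e, RDP_SERVER)


def scenario_hq_lateral_move() -> Decision:
    """Inside HQ but without the role: no implicit access to the DMZ application."""
    e = Entity("alice", frozenset({"it-admin"}), "laptop-0001", HEALTHY, "hq")
    return evaluate(e, DMZ_WEB)


def scenario_posture_drift() -> List[bool]:
    """Access granted, then revoked when antivirus stops mid-session."""
    ok = Entity("bob", frozenset({"web-ops"}), "laptop-0002", HEALTHY, "branch")
    drifted = Entity("bob", frozenset({"web-ops"}), "laptop-0002",
                     {"av_running": False, "disk_encrypted": True}, "branch")
    return session_requests([ok, ok, drifted], DMZ_WEB)


if __name__ == "__main__":
    for name, fn in [("stolen credentials", scenario_stolen_credentials),
                     ("remote compliant", scenario_remote_compliant),
                     ("hq lateral move", scenario_hq_lateral_move)]:
        d = fn()
        print(f"{name}: {'ALLOW' if d.allowed else 'DENY'} {d.reasons}")
    print("posture drift:", scenario_posture_drift())
```

The point of the four scenarios is that the same user gets different answers depending on device and role, and the same device gets different answers over time as its posture changes, while the `location` field never enters the decision. A real broker would additionally verify the user's credentials and device identity cryptographically (the text's "confirms the device and user are who they claim to be"), which this toy replaces with a static enrolment set.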

In this document, we will explore the concept and components, and learn about how Fortinet delivers on each aspect of ZTNA.

Intended audience

Mid-level network and security architects in companies of all sizes and verticals should find this guide helpful.

About this guide

This guide aims to provide a broad overview of Zero Trust Network Access concepts, and to introduce products in the Fortinet portfolio that work together to implement a scalable ZTNA solution. Industry-standard terminology is used, with introductions to Fortinet-specific terms, concepts, and technologies. Readers can proceed to the ZTNA Architecture and ZTNA Deployment guides once they are familiar with the concepts and terminology and are ready to explore different designs to use in their environment.