Basic ZTNA configuration

To deploy full ZTNA, configure the following components on the FortiGate:

  1. Configure a FortiClient EMS connector

  2. Configure a ZTNA server

  3. Configure a ZTNA rule

  4. Configure a firewall policy for full ZTNA

  5. Optional authentication

Note: To configure ZTNA in the GUI, go to System > Feature Visibility and enable Zero Trust Network Access.

Configure a FortiClient EMS connector

To add an on-premise FortiClient EMS server in the GUI:
  1. Go to Security Fabric > Fabric Connectors.

  2. Click Create New and click FortiClient EMS.

  3. Enter a name for the connector and the IP address or FQDN of the EMS.

  4. Click OK.

  5. A window appears to verify the EMS server certificate. Click Accept.

    See FortiClient EMS for more information.

To add an on-premise FortiClient EMS server in the CLI:
config endpo