ZTNA HTTPS access proxy example

In this example, an HTTPS access proxy is configured to demonstrate its function as a reverse proxy on behalf of the web server it is protecting. It verifies user identity, device identity, and trust context, before granting access to the protected source.

This example shows access control that allows or denies traffic based on ZTNA tags. Traffic is allowed when the FortiClient endpoint is tagged as Low risk, and denied when the endpoint is tagged with Malicious-File-Detected.

This example assumes that the FortiGate EMS fabric connector is already successfully connected.


To configure ZTNA in the GUI, go to System > Feature Visibility and enable Zero Trust Network Access.

To configure a Zero Trust tagging rule on the FortiClient EMS: