ZTNA HTTPS access proxy with basic authentication example

This example expands on the previous example (ZTNA HTTPS access proxy example) by adding LDAP authentication to the ZTNA rule. Users are granted access only if they pass all three checks: the client certificate authentication check, user authentication, and the security posture check.

Users that are in the AD security group ALLOWED-VPN are allowed access to the access proxy. Users that are not part of this security group are not allowed access.

This example assumes that the FortiGate EMS fabric connector is already successfully connected.

LDAP/Active Directory Users and Groups:

  • Domain: KLHOME.local

  • Users (Groups):

    • radCurtis (Domain Users, ALLOWED-VPN)

    • radKeith (Domain Users)

To configure a secure connection to the LDAP server in the GUI:

  1. Go to User & Authentication > LDAP Servers and click Create New.

  2. Configure the following settings:

    • Name: WIN2K16-KLHOME-LDAPS

    • Server IP/Name: 192.168.20.6
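The CLI equivalent of the LDAPS server object above, together with the user group that maps the ALLOWED-VPN security group for the ZTNA rule, as an added example that is not part of the original page. The server name, IP address, domain and group name are taken from the page; the base DN, bind account, CA certificate name and group DN are assumptions shown as placeholders in angle brackets.

```fortios
# Added example: LDAPS server object referenced by the ZTNA rule.
# Values in <angle brackets> are placeholders, not from the page.
config user ldap
    edit "WIN2K16-KLHOME-LDAPS"
        set server "192.168.20.6"
        # Assumed base DN for the KLHOME.local domain
        set dn "dc=KLHOME,dc=local"
        set cnid "sAMAccountName"
        # Regular bind: AD does not allow anonymous group lookups
        set type regular
        set username "<bind-account>@KLHOME.local"
        set password <bind-password>
        # Weak setting would be "set secure disable" on port 389:
        # bind credentials and group data cross the wire in clear text
        set secure ldaps
        set port 636
        # Validate the server certificate against the imported AD CA;
        # without this, LDAPS still accepts a spoofed server
        set ca-cert "<imported-AD-CA>"
        set server-identity-check enable
        set group-member-check user-attr
    next
end

# User group consumed by the ZTNA rule: only ALLOWED-VPN members match,
# so radCurtis is allowed and radKeith is denied.
config user group
    edit "ZTNA-ALLOWED-VPN"
        set member "WIN2K16-KLHOME-LDAPS"
        config match
            edit 1
                set server-name "WIN2K16-KLHOME-LDAPS"
                # Assumed DN of the AD security group
                set group-name "CN=ALLOWED-VPN,CN=Users,DC=KLHOME,DC=local"
            next
        end
    next
end
```

To check the bind and group lookup before attaching the group to the ZTNA rule, run `diagnose test authserver ldap WIN2K16-KLHOME-LDAPS <username> <password>` on the FortiGate; a successful test for radCurtis lists ALLOWED-VPN among the returned groups, while radKeith returns only Domain Users.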