Deployment overview

7.2.2
This document provides a deployment example of Fortinet's Zero Trust Network Access (ZTNA) for hosted web applications, covering the following solutions:

  • SSL VPN to ZTNA migration

    • Preparing your existing Fortinet SSL VPN solution to migrate to ZTNA

    • Overview of reusable components

  • ZTNA Access Proxy for hosted web applications

    • HTTPS access proxy solution and architecture

    • Applies to both remote access and internal access to web applications hosted on the internal network

    • No persistent connection (such as VPN) is necessary

Using a similar scenario and topology example from the ZTNA Architecture Guide, we will walk through deploying the core components by providing configuration examples to help you migrate from SSL VPN to ZTNA access proxy for remote users accessing hosted web applications.

The goal is to reduce the reliance on dial-up and SSL VPN by adding device authentication with role-based application access. We will focus on the services located at headquarters (HQ) along with remote users currently using SSL VPN. Concepts from this deployment guide can be applied to regional offices and even cloud datacenters.

Audience

This migration guide is aimed at companies that have an existing SSL VPN teleworking solution deployed with FortiGate and FortiClient and are looking to secure their remote access using ZTNA. Mid-level network and security architects in companies of all sizes and verticals should find this guide helpful. A working knowledge of FortiOS and the Fortinet Security Fabric is helpful.

About this guide

This deployment guide describes the steps involved in deploying a specific architecture. Readers should first evaluate their environment to determine whether the architecture outlined in this guide suits them. It is advisable to review the Reference Architecture Guide(s), such as the ZTNA Architecture Guide, if readers are still in the process of selecting the right architecture. See also the ZTNA Concept Guide.

This deployment guide presents one of possibly many ways to deploy the solution. It may also omit specific steps where readers must make design decisions to further configure their devices. It is recommended that readers also review supplementary material found in product administration guides, example guides, cookbooks, release notes, and other documents where appropriate on the Fortinet Document Library.
