7.2.5

Success criteria

In the ZTNA design, the goal is to enhance security by improving identity and posture checking of devices that connect to the internal network, and by reducing the attack surface of traditional dial-up VPN. In our use case, the success criteria are as follows:

  • Block unmanaged devices and devices that cannot prove their identity (no device certificate).

  • Allow only identified user groups access to only the specific applications that they need.

  • For remote users, limit direct access to the internal network for web applications.

  • Dynamically deny access to devices with critical vulnerabilities both on the internal network and remote.

  • Dynamically allow access once the vulnerabilities are remediated.

  • Reduce the reliance on dial-up and SSL VPN.

  • Use a phased approach to migrate SSL VPN implementation to ZTNA.
