7.2.5

Conclusion

This concludes the SSL VPN teleworking to ZTNA migration for Hosted Web resources.

To recap:
  • FortiClient EMS was updated to add the ZTNA module and enable new ZTNA tagging rules

  • FortiGate was connected to the FortiClient EMS via the Fabric Connector

  • Hosted web resources were migrated one by one based on the user groups that are allowed to access them

    • Web resources belonging to the Administrator group were migrated first, since this only affected Administrators

    • Web resources belonging to the Finance group were migrated next, since this only affected the Finance team

    • Web resources that were accessible to all were migrated last

  • During each migration step, access was tested to verify each group was still able to access the migrated web resources remotely

  • For On-net use cases, policies were created to verify the security postures of devices in order to prevent vulnerable devices from accessing web resources

  • Finally, SSL VPN access was removed once ZTNA access had been verified

These steps represent the process for migrating a basic SSL VPN teleworking setup. They also lay the foundation for building more scalable networks based on role-based access control and security postures that you define with EMS’s Zero Trust Tagging Rules. For information on more security posture checks, see the Endpoint Posture Check reference guide.
