Configuring a ZTNA server
Before you can configure ZTNA server settings, ZTNA Server must be enabled in the Display Options. |
To configure a ZTNA server, define the access proxy VIP and the real servers that clients will connect to. The access proxy VIP is the FortiGate ZTNA gateway that clients make HTTPS connections to. The service/server mappings define the virtual host matching rules and the real server mappings of the HTTPS requests.
Once a ZTNA server has been configured, you can use ZTNA tags in policies. See Zero Trust Network Access (ZTNA) rules.
To create a ZTNA Server:
- Go to Policy & Objects > Object Configurations > Firewall Objects > ZTNA Server, and click Create New.
- Enter a name for the server.
- Select an external interface, enter the external IP address, and select the external port that the clients will connect to.
- Select the Default certificate. Clients will be presented with this certificate when they connect to the access proxy VIP.
- Add a server mapping, and a server.
- Click OK to save your changes.