Fortinet white logo
Fortinet white logo

Administration Guide

Configuring a ZTNA server

Configuring a ZTNA server

Note

You must enable the visibility of this feature in Policy & Objects before it can be configured. To toggle feature visibility, go to Policy & Objects > Tools > Feature Visibility, and add or remove a checkmark for the corresponding feature.

To configure a ZTNA server, define the access proxy VIP and the real servers that clients will connect to. The access proxy VIP is the FortiGate ZTNA gateway that clients make HTTPS connections to. The service/server mappings define the virtual host matching rules and the real server mappings of the HTTPS requests.

Once a ZTNA server has been configured, you can select the object in a proxy policy with the ZTNA proxy type. See Create a new proxy policy.

To create a ZTNA Server:
  1. Go to Policy & Objects > Firewall Objects > ZTNA Server, and click Create New.
  2. Enter a name for the server.
  3. Select an External Interface, enter the External IP address, and select the External Port that the clients will connect to.
  4. Select the Default Certificate. Clients will be presented with this certificate when they connect to the access proxy VIP.
  5. Add a server mapping, and a server.
  6. Click OK to save your changes.

Configuring a ZTNA server

Configuring a ZTNA server

Note

You must enable the visibility of this feature in Policy & Objects before it can be configured. To toggle feature visibility, go to Policy & Objects > Tools > Feature Visibility, and add or remove a checkmark for the corresponding feature.

To configure a ZTNA server, define the access proxy VIP and the real servers that clients will connect to. The access proxy VIP is the FortiGate ZTNA gateway that clients make HTTPS connections to. The service/server mappings define the virtual host matching rules and the real server mappings of the HTTPS requests.

Once a ZTNA server has been configured, you can select the object in a proxy policy with the ZTNA proxy type. See Create a new proxy policy.

To create a ZTNA Server:
  1. Go to Policy & Objects > Firewall Objects > ZTNA Server, and click Create New.
  2. Enter a name for the server.
  3. Select an External Interface, enter the External IP address, and select the External Port that the clients will connect to.
  4. Select the Default Certificate. Clients will be presented with this certificate when they connect to the access proxy VIP.
  5. Add a server mapping, and a server.
  6. Click OK to save your changes.