Administration Guide

ZTNA

To configure the ZTNA tab:
  1. Create a new profile or edit an existing one:
    1. Go to Configuration > Profiles.
    2. Click Create or edit an existing profile.
    3. In the Name field, enter the desired name of the endpoint profile.
  2. On the ZTNA tab, configure Zero Trust Network Access (ZTNA) rules as desired:
    1. Click Create.
    2. In the Rule Name field, enter the desired name.
    3. In the Destination Host field, enter the IP address/FQDN and port of the destination host in the format <IP address or FQDN>:<port>. For example, you could enter demo.fortinet.com:22 as the destination host value.
    4. In the ZTNA Access Proxy field, enter the access IP address and port of the FortiGate acting as the access proxy in the same format. For example, you could enter 21.14.22.11:80 as the proxy gateway value.
    5. Enable or disable Encryption. By default, Encryption is disabled. When Encryption is enabled, traffic between FortiSASE and the FortiGate is always encrypted, even if the original traffic has already been encrypted.
    6. If desired, enable Use External Browser for SAML Authentication. FortiSASE can use a browser as an external user agent to perform SAML authentication instead of using the FortiClient console.
    7. Click OK.
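
Before entering a batch of rules in the portal, the Destination Host and ZTNA Access Proxy values can be checked against the `<IP address or FQDN>:<port>` format described above. The following is an added example, not Fortinet code: the dictionary keys and function names are hypothetical, the sample rules are constructed from the example values in the steps, and only IPv4 and FQDN hosts are handled.

```python
import ipaddress
import re

# One DNS label: 1-63 characters, letters/digits/hyphens, no edge hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def parse_endpoint(value):
    """Validate '<IP address or FQDN>:<port>' and return (host, port).

    Raises ValueError on malformed input. IPv4 and FQDN hosts only.
    """
    host, sep, port_text = value.strip().rpartition(":")
    if not sep or not host:
        raise ValueError(f"{value!r}: expected <IP address or FQDN>:<port>")
    if not re.fullmatch(r"[0-9]{1,5}", port_text) or not 1 <= int(port_text) <= 65535:
        raise ValueError(f"{value!r}: port must be 1-65535")
    try:
        ipaddress.IPv4Address(host)
    except ValueError:
        labels = host.split(".")
        # An all-numeric last label is a malformed IPv4 address, not an FQDN.
        if (len(host) > 253 or len(labels) < 2 or labels[-1].isdigit()
                or not all(_LABEL.fullmatch(label) for label in labels)):
            raise ValueError(f"{value!r}: host is neither IPv4 nor an FQDN") from None
    return host, int(port_text)


def review_rule(rule):
    """Return a list of findings for one planned rule (hypothetical dict keys)."""
    findings = []
    if not str(rule.get("name", "")).strip():
        findings.append("Rule Name is empty")
    for field in ("destination_host", "access_proxy"):
        try:
            parse_endpoint(rule.get(field, ""))
        except ValueError as err:
            findings.append(f"{field}: {err}")
    if not rule.get("encryption", False):
        findings.append("Encryption is disabled (the default)")
    return findings


# Constructed sample rules, reusing the example values from the steps above.
PLANNED = [
    {"name": "ssh-demo", "destination_host": "demo.fortinet.com:22",
     "access_proxy": "21.14.22.11:80", "encryption": True},
    {"name": "bad-entry", "destination_host": "demo.fortinet.com",
     "access_proxy": "21.14.22.300:80"},
]

if __name__ == "__main__":
    for rule in PLANNED:
        print(rule["name"], review_rule(rule) or "ok")
```

A rule flagged only for disabled Encryption is valid as entered; the finding is a prompt to confirm that the destination traffic is already encrypted before leaving the default in place.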
