Configuration workflow

You can follow this configuration workflow, which the document describes in detail using the example configuration of a dynamic private access policy that allows access to private applications, which in this example is a private server behind the FortiGate hub:

Configure a zero trust network access (ZTNA) tagging rule set for compliant endpoints.
Configure a ZTNA tagging rule set for non-compliant endpoints.
Configure a dynamic private access policy to allow access to a specific private server from compliant endpoints.
Configure a dynamic private access policy to deny access to a specific private server from non-compliant endpoints.
Test the dynamic private access policies using ICMP ping to the specific private server from a compliant endpoint and from a non-compliant endpoint, respectively.

A similar workflow applies to a private access policy that allows or denies access to applications of any other protocols besides ICMP, such as TCP or UDP applications.

Configure a zero trust network access (ZTNA) tagging rule set for compliant endpoints.

Configure a ZTNA tagging rule set for non-compliant endpoints.

Configure a dynamic private access policy to allow access to a specific private server from compliant endpoints.

Configure a dynamic private access policy to deny access to a specific private server from non-compliant endpoints.

Test the dynamic private access policies using ICMP ping to the specific private server from a compliant endpoint and from a non-compliant endpoint, respectively.

A similar workflow applies to a private access policy that allows or denies access to applications of any other protocols besides ICMP, such as TCP or UDP applications.

FortiGate NGFW to FortiSASE SPA Hub Conversion Deployment Guide

Configuration workflow

Configuration workflow

Configuration workflow