server-policy ztna-profile

Use this command to configure a ZTNA profile.

For more information on ZTNA, refer to "Chapter: Zero Trust Network Access (ZTNA)" in the FortiWeb Administration Guide.

To use this command, your administrator account’s access control profile must have either w or rw permission to the traroutegrp area. For details, see Permissions.

Syntax

config server-policy ztna-profile
  edit <ztna-profile_name>
    set action {pass | alert_deny | deny_no_log}
    config rule list
      edit <rule-list_index>
        set rule-name <ztna-rule_name>
      next
    end
  next
end

Variable: <ztna-profile_name>
Description: Enter the name of the ZTNA profile. The maximum length is 63 characters.
To display the list of existing profiles, enter:
  edit ?
Default: No default.

Variable: action {pass | alert_deny | deny_no_log}
Description: Select the specific action to be taken when the request matches the policy.
  • pass: Accept the request.
  • alert_deny: Block the request (or reset the connection) and generate an alert email and/or log message.
  • deny_no_log: Deny a request. Do not generate a log message.
Default: pass

Variable: <rule-list_index>
Description: Enter the rule list index number.
Default: No default.

Variable: <ztna-rule_name>
Description: Enter the ZTNA rule name.
See server-policy ztna-rule for how to create ZTNA rules.
Default: No default.
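
The following Python script is an added example, not part of the FortiWeb documentation: it parses configuration text in the nested form shown under Syntax and lists profiles that deny without logging or that rely on the default action. The sample configuration, the profile and rule names, and the function names parse_ztna_profiles and audit are constructed for illustration; it assumes the reviewed configuration text keeps the same config/edit/set/next/end layout.

```python
import shlex
# Constructed sample (not from a real device), in the nested form shown under Syntax.
SAMPLE = '''
config server-policy ztna-profile
  edit "partners"
    set action alert_deny
    config rule list
      edit 1
        set rule-name "managed-devices"
      next
    end
  next
  edit "legacy"
    set action deny_no_log
  next
  edit "staging"
  next
end
'''

def parse_ztna_profiles(text):
    """Map profile name -> {'action': explicit value or None, 'rules': [rule names]}."""
    profiles, stack, cur, top = {}, [], None, ["server-policy ztna-profile"]
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config":          # entering a (possibly nested) config block
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end":           # leaving the innermost config block
            stack = stack[:-1]
        elif stack == top and tok[0] == "edit":
            cur = profiles.setdefault(tok[1], {"action": None, "rules": []})
        elif cur and stack == top and tok[:2] == ["set", "action"]:
            cur["action"] = tok[2]
        elif cur and stack == top + ["rule list"] and tok[:2] == ["set", "rule-name"]:
            cur["rules"].append(tok[2])
    return profiles

def audit(profiles):
    """Return (profile, finding) pairs for a reviewer to check."""
    findings = []
    for name, p in profiles.items():
        if p["action"] == "deny_no_log":
            findings.append((name, "denies without generating a log message"))
        elif p["action"] is None:  # documented default applies when action is not set
            findings.append((name, "action not set; default 'pass' applies"))
    return findings

if __name__ == "__main__":
    print(audit(parse_ztna_profiles(SAMPLE)))
```

A profile flagged for deny_no_log leaves no log record of the requests it denies, so confirm that is intended before relying on logs for investigation.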

