ZTNA server configurations
One of the first essential steps is defining the ZTNA server. In our ZTNA server definition, we will apply the external IP 10.0.3.10 on port 443, then create three HTTPS server mappings to our respective services.
To configure the ZTNA server from the GUI:
- Under Policy & Objects > ZTNA, go to the ZTNA Servers tab.
- Click Create New to create a new entry.
- Input the following:
  Name: ZTNA Webserver
  External Interface: port3
  External IP: 10.0.3.10
  External port: 443
  External certificate: Choose the wildcard certificate that applies to your domain. In our example, ztna-wildcard.
- Under Services/servers mapping, click Create new.
- For FortiAnalyzer web access enter the following and click OK:
  Service: HTTPS
  Virtual Host: Specify
  Match By: Substring
  Host: zfaz.ztnademo.com
  Use certificate: ztna-wildcard
  Server: Click Create New, input the following, and click OK:
    - Type: IP
    - IP: 10.88.0.2
    - Port: 443
    - Status: Active
- For FortiClient EMS web access enter the following and click OK:
  Service: HTTPS
  Virtual Host: Specify
  Match By: Substring
  Host: zems.ztnademo.com
  Use certificate: ztna-wildcard
  Server: Click Create New, input the following, and click OK:
    - Type: IP
    - IP: 10.88.0.1
    - Port: 443
    - Status: Active
- For FortiAuthenticator web access, enter the following and click OK:
  Service: HTTPS
  Virtual Host: Specify
  Match By: Substring
  Host: zfac.ztnademo.com
  Use certificate: ztna-wildcard
  Server: Click Create New, input the following, and click OK:
    - Type: IP
    - IP: 10.88.0.7
    - Port: 443
    - Status: Active
- Click OK to finish.
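
A pre-flight check for the three mappings above, as an added example that is not part of the original guide or Fortinet's own tooling: it confirms that the wildcard certificate covers every virtual host and that no two mappings collide. The SAN `*.ztnademo.com` for ztna-wildcard and the containment semantics assumed for Match By Substring are assumptions, and the function names are hypothetical.

```python
import ipaddress

# Virtual host -> (real server IP, port), copied from the steps above.
MAPPINGS = {
    "zfaz.ztnademo.com": ("10.88.0.2", 443),  # FortiAnalyzer
    "zems.ztnademo.com": ("10.88.0.1", 443),  # FortiClient EMS
    "zfac.ztnademo.com": ("10.88.0.7", 443),  # FortiAuthenticator
}
# Assumption: SAN list of the ztna-wildcard certificate (not given on the page).
CERT_SANS = ["*.ztnademo.com"]


def san_covers(san, host):
    """RFC 6125 style match: '*' stands for exactly one left-most label."""
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(san_labels) != len(host_labels) or "" in host_labels:
        return False
    if san_labels[0] == "*":
        return san_labels[1:] == host_labels[1:]
    return san_labels == host_labels


def lint(mappings, sans):
    """Return a list of problems found in a virtual-host mapping plan."""
    problems, seen = [], {}
    for host, (ip, port) in mappings.items():
        if not any(san_covers(san, host) for san in sans):
            problems.append(f"{host}: not covered by certificate SANs")
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"{host}: invalid real server IP {ip!r}")
        if not 1 <= port <= 65535:
            problems.append(f"{host}: invalid port {port}")
        if (ip, port) in seen:
            problems.append(f"{host}: same real server as {seen[(ip, port)]}")
        seen.setdefault((ip, port), host)
        # Assumption: Substring matching means "Host header contains this
        # string", so a value contained in another value makes routing ambiguous.
        for other in mappings:
            if other != host and host in other:
                problems.append(f"{host}: substring of {other}")
    return problems


if __name__ == "__main__":
    for line in lint(MAPPINGS, CERT_SANS) or ["mapping plan OK"]:
        print(line)
```

A wildcard SAN covers exactly one label, so a host such as `a.zfaz.ztnademo.com` or the bare `ztnademo.com` would need its own certificate entry.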