7.2.2

ZTNA server configurations

One of the first essential steps is defining the ZTNA server. In our ZTNA server definition, we apply the external IP 10.0.3.10 on port 443, then create three HTTPS server mappings, one for each of our services.

To configure the ZTNA server from the GUI:
  1. Under Policy & Objects > ZTNA, go to the ZTNA Servers tab.

  2. Click Create New to create a new entry.

  3. Input the following:

    Name: ZTNA Webserver
    External Interface: port3
    External IP: 10.0.3.10
    External port: 443
    External certificate: Choose the wildcard certificate that applies to your domain. In our example, ztna-wildcard.

  4. Under Services/servers mapping, click Create new.

  5. For FortiAnalyzer web access, enter the following and click OK:

    Service: HTTPS
    Virtual Host: Specify
    Match By: Substring
    Host: zfaz.ztnademo.com
    Use certificate: ztna-wildcard
    Server: Click Create New, input the following, and click OK:

      • Type: IP
      • IP: 10.88.0.2
      • Port: 443
      • Status: Active

  6. For FortiClient EMS web access, enter the following and click OK:

    Service: HTTPS
    Virtual Host: Specify
    Match By: Substring
    Host: zems.ztnademo.com
    Use certificate: ztna-wildcard
    Server: Click Create New, input the following, and click OK:

      • Type: IP
      • IP: 10.88.0.1
      • Port: 443
      • Status: Active

  7. For FortiAuthenticator web access, enter the following and click OK:

    Service: HTTPS
    Virtual Host: Specify
    Match By: Substring
    Host: zfac.ztnademo.com
    Use certificate: ztna-wildcard
    Server: Click Create New, input the following, and click OK:

      • Type: IP
      • IP: 10.88.0.7
      • Port: 443
      • Status: Active

  8. Click OK to finish.
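
The following Python check is an added example, not Fortinet's code: it takes the three service mappings entered above and verifies that every virtual host is covered by the wildcard certificate, that no substring pattern is contained in another, and that the real servers are valid and distinct. It assumes ztna-wildcard is issued for *.ztnademo.com and that a substring match succeeds when the configured string appears anywhere in the requested host name; the function and variable names are illustrative.

```python
import ipaddress

# Values copied from the GUI steps above; the wildcard SAN is an assumption.
WILDCARD_SAN = "*.ztnademo.com"   # assumed subject of the ztna-wildcard cert
EXTERNAL = ("10.0.3.10", 443)
MAPPINGS = [
    {"host": "zfaz.ztnademo.com", "ip": "10.88.0.2", "port": 443},
    {"host": "zems.ztnademo.com", "ip": "10.88.0.1", "port": 443},
    {"host": "zfac.ztnademo.com", "ip": "10.88.0.7", "port": 443},
]


def covered_by_wildcard(host, san):
    """A wildcard covers exactly one left-most label (RFC 6125 rules)."""
    if not san.startswith("*."):
        return host.lower() == san.lower()
    label, _, parent = host.lower().partition(".")
    return bool(label) and parent == san[2:].lower()


def lint(mappings, san=WILDCARD_SAN, external=EXTERNAL):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    seen_backends = {}
    for m in mappings:
        host, backend = m["host"], (m["ip"], m["port"])
        if not covered_by_wildcard(host, san):
            findings.append(f"{host}: not covered by {san}")
        # Assumed substring semantics: a pattern contained in another pattern
        # would also match the longer host name, so the mapping is ambiguous.
        for other in mappings:
            if other is not m and host.lower() in other["host"].lower():
                findings.append(f"{host}: substring of {other['host']}")
        ipaddress.ip_address(m["ip"])  # raises ValueError on a mistyped IP
        if not 1 <= m["port"] <= 65535:
            findings.append(f"{host}: invalid port {m['port']}")
        if backend == external:
            findings.append(f"{host}: real server equals the external IP/port")
        if backend in seen_backends:
            findings.append(f"{host}: same real server as {seen_backends[backend]}")
        seen_backends[backend] = host
    return findings


if __name__ == "__main__":
    for line in lint(MAPPINGS) or ["no findings"]:
        print(line)
```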
