Help
FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
JHelio
Staff
Staff

Created on ‎03-26-2024 11:21 PM Edited on ‎03-26-2024 11:22 PM By Community Manager

Article Id 306677

Technical Tip: FortiClient does not send ZTNA traffic when using a wrong FQDN syntax

Description This article describes when FortiClient does not send ZTNA traffic when using the wrong FQDN syntax.
Scope FortiClient endpoint v7.2.2.
Solution

FortiClient does not send traffic if the ZTNA rule for FQDN does not have the specific syntax.

 

For example:

This setting will work when setting FQDN destination host like 'test01.test.local:8000' and will be converted by ZTNA traffic and be received at FortiGate.

 

Result:

FortiClient will send ZTNA traffic to the destination.


The below setting will not work due to FQDN having the wrong syntax as 'test02:80' and will not be converted by ZTNA.

The FQDN 'test02' is not complete and Forticlient will not send ZTNA traffic to the destination.

 

A solution can be to modify it as 'test02.local:80' for example and FortiClient will accept FQDN and then send ZTNA traffic to the destination.
110
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.