Description | This article describes how to create a ZTNA profile in FortiADC. |
Scope | EMS, FortiClient, FortiADC. |
Solution |
This article describes how to configure a Security Fabric connection and how to create a ZTNA security profile on FortiADC.
Security Fabric connection between EMS and FortiADC:
Navigate to FortiADC -> Security Fabric -> Fabric Connectors -> Core Network Security -> FortiClient EMS. Enter the EMS IP address and port and select Save.
Creating a ZTNA profile on FortiADC:
Navigate to FortiADC -> Network Security -> ZTNA. ZTNA tags should be visible under the ZTNA Tags tab after a successful Security Fabric connection. Select the ZTNA Profile tab and select Create New. After entering a name for the profile, the Create New button will be activated.
Implementing the ZTNA profile on a Virtual Server:
In order to apply a ZTNA profile to a virtual server, a TCPS or HTTPS profile should be selected. (For the default profile, use 'LB_PROF_TCPS' or 'LB_PROF_HTTPS').
Either create a new Client Certificate Profile from the Virtual Server profile, or navigate to FortiADC -> System -> Verify -> Create New. Select a certificate with the name of the EMS Serial number.
After creating a Client Certificate and verifying the profile, it should be assigned to the virtual server. To assign a verified Client Certificate profile to a virtual server, navigate to Server Load Balance -> Virtual Server, highlight the virtual server and select Edit -> General -> Client SSL Profile -> Create New. Edit the name of the profile and select the new Client Certificate Verify profile that was created earlier.
Assigning a ZTNA Security Profile to a Virtual Server:
Navigate to FortiADC -> Server Load Balance -> Virtual Server, highlight the virtual server and select Edit -> Security, then select the ZTNA Security Profile from the drop-down menu.
After configuring a ZTNA security profile, the endpoint computer should comply with the following in order to reach the backend servers:
If every condition matches, the endpoint computer can reach the backend server securely. |
Copyright 2024 Fortinet, Inc. All Rights Reserved.