Zero trust network access (ZTNA) is an access control method that uses client device identification, authentication, and Zero Trust tags to provide role-based application access. It gives administrators the flexibility to manage network access for on-net local users and off-net remote users. Access to applications is granted only after device verification, authenticating the user’s identity, authorizing the user, and then performing context-based posture checks using Zero Trust tags.
Traditionally, a user and a device have different sets of rules for on-net access and off-net VPN access to company resources. With a distributed workforce and access that spans company networks, data centers, and cloud, managing the rules can become complex. User experience is also affected when multiple VPNs are needed to get to various resources. ZTNA can improve this experience.
You can create Zero Trust tagging rules for endpoints based on their operating system versions, logged in domains, running processes, and other criteria. EMS uses the rules to dynamically group endpoints. FortiOS can use the dynamic endpoint groups to build dynamic policy rules.
See the Zero Trust Application Gateway Admin Guide for more information about ZTNA.