GUI support for multiple ZTNA features 7.0.2

When configuring a ZTNA server, load balancing, TCP forwarding, and SAML can be configured in the GUI.

Load balancing

Load balancing can be configured when adding or editing a service or server mapping.

When adding a load balancing server:

  • If the load balancing method is Weighted, the weight can be included.

  • If the method is HTTP Host, an HTTP host server domain name can be included in the HTTP header that is forwarded to the real server.

TCP forwarding and SSH

TCP forwarding can be selected as the service when adding or editing a service or server mapping.

Add servers from firewall addresses. Turn on Enable Additional SSH Option to configure a client certificate and host key validation.

A client certificate allows users to perform one-time user authentication to authenticate the SSH access proxy. See ZTNA SSH access proxy example for details. Select a certificate from the drop-down list, or create a new one.

Host key validation allows the ZTNA proxy to validate the SSH server using the host key before forwarding traffic to it. Click in the Host key field to add or create an SSH host key.
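
The idea behind host key validation, as an added example (not FortiOS code and not from the original page; the page does not describe how FortiOS implements the check): a key presented by the SSH server is accepted only if it equals the pinned key, and the fingerprint helps confirm out of band that the pinned key is the right one. The key lines are constructed placeholders and all function names are illustrative.

```python
import base64, hashlib, hmac, struct

def parse_pubkey(line):
    """Return (key_type, blob) from an OpenSSH public key line: '<type> <base64> [comment]'."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = fields[0], base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed copy of the key type; a mismatch
    # means the line was edited or truncated.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type does not match key blob")
    return key_type, blob

def fingerprint(blob):
    """SHA256 fingerprint in the unpadded-base64 form that `ssh-keygen -l` prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_matches(pinned_line, presented_line):
    """True only if the presented key is byte-for-byte the pinned key (comments ignored)."""
    p_type, p_blob = parse_pubkey(pinned_line)
    s_type, s_blob = parse_pubkey(presented_line)
    return p_type == s_type and hmac.compare_digest(p_blob, s_blob)

def _constructed_ed25519(fill, comment):
    """Build a syntactically valid ssh-ed25519 line from filler bytes (not a real key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes([fill]) * 32
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + comment

# Constructed sample data.
PINNED = _constructed_ed25519(0x11, "pinned-host-key")    # key stored for validation
SAME = _constructed_ed25519(0x11, "presented-by-server")  # server presents the same key
OTHER = _constructed_ed25519(0x22, "presented-by-server") # server presents a different key

if __name__ == "__main__":
    print("pinned fingerprint:", fingerprint(parse_pubkey(PINNED)[1]))
    print("same key accepted:", host_key_matches(PINNED, SAME))
    print("other key accepted:", host_key_matches(PINNED, OTHER))
```
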

SAML

SAML can be enabled when configuring a ZTNA server, and a SAML SSO server can be selected or created.

If the SAML SSO server does not have an authentication scheme or rule associated with it, warnings are shown.

Click Configure in each warning to add an authentication scheme and rule.
