Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 8.0.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    CLI Reference

    8.0.0
    8.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.16
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.17
    6.2.16
    6.2.15
    6.2.14
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.5
    6.2.4
    6.2.3
    6.2.2
    6.2.1
    6.0.0
    5.6.0
    5.4.0
    5.2.0
    5.0.0

    config ztna reverse-connector

    config ztna reverse-connector

    Configure ZTNA Reverse-Connector.

    config ztna reverse-connector
    Description: Configure ZTNA Reverse-Connector.
    edit <name>
        set address {string}
        set certificate {string}
        set default-incoming-vip {string}
        set health-check-interval {integer}
        set interface {string}
        set interface-select-method [auto|sdwan|...]
        set port {integer}
        set source-ip {ipv4-address}
        set source-ip-interface {string}
        set ssl-max-version [tls-1.1|tls-1.2|...]
        set ssl-min-version [tls-1.1|tls-1.2|...]
        set status [enable|disable]
        set trusted-server-ca {string}
        set vrf-select {integer}
    next
end

    config ztna reverse-connector

    Parameter

    Description

    Type

    Size

    Default

    address

    Connector service edge adress(IP or FQDN).

    string

    Maximum length: 255

    certificate

    The name of the certificate to use for SSL handshake.

    string

    Maximum length: 35

    default-incoming-vip *

    Default Incoming Virtual IP name.

    string

    Maximum length: 79

    health-check-interval

    Health check interval in seconds (0 - 600, default = 60, 0 = disable).

    integer

    Minimum value: 0 Maximum value: 600

    60

    interface *

    Specify outgoing interface to reach server.

    string

    Maximum length: 15

    interface-select-method *

    Specify how to select outgoing interface to reach server.

    option

    -

    auto

    Option

    Description

    auto

    Set outgoing interface automatically.

    sdwan

    Set outgoing interface by SD-WAN or policy routing rules.

    specify

    Set outgoing interface manually.

    name

    Reverse-Connector name

    string

    Maximum length: 35

    port

    Port number that traffic uses to connect to connector service edge(1 - 65535;).

    integer

    Minimum value: 1 Maximum value: 65535 **

    0

    source-ip *

    FortiGate IPv4 address to be used for ZTNA reverse-connector connection.

    ipv4-address

    Not Specified

    0.0.0.0

    source-ip-interface *

    Source interface to be used for ZTNA reverse-connector connection.

    string

    Maximum length: 15

    ssl-max-version

    Highest TLS version acceptable from a server.

    option

    -

    tls-1.3

    Option

    Description

    tls-1.1

    TLS 1.1.

    tls-1.2

    TLS 1.2.

    tls-1.3

    TLS 1.3.

    ssl-min-version *

    Lowest SSL/TLS version acceptable from a server.

    option

    -

    tls-1.2

    Option

    Description

    tls-1.1

    TLS 1.1.

    tls-1.2

    TLS 1.2.

    tls-1.3

    TLS 1.3.

    status

    Reverse-Connector status.

    option

    -

    enable

    Option

    Description

    enable

    Enable the reverse-connector.

    disable

    Disable the reverse-connector.

    trusted-server-ca

    Trusted Server CA certificate used by SSL connection.

    string

    Maximum length: 79

    vrf-select *

    VRF ID used for connection to server.

    integer

    Minimum value: 0 Maximum value: 511

    0

    * This parameter may not exist in some models.

    ** Values may differ between models.

    Previous
    Next

    config ztna reverse-connector

    config ztna reverse-connector

    Configure ZTNA Reverse-Connector.

    config ztna reverse-connector
    Description: Configure ZTNA Reverse-Connector.
    edit <name>
        set address {string}
        set certificate {string}
        set default-incoming-vip {string}
        set health-check-interval {integer}
        set interface {string}
        set interface-select-method [auto|sdwan|...]
        set port {integer}
        set source-ip {ipv4-address}
        set source-ip-interface {string}
        set ssl-max-version [tls-1.1|tls-1.2|...]
        set ssl-min-version [tls-1.1|tls-1.2|...]
        set status [enable|disable]
        set trusted-server-ca {string}
        set vrf-select {integer}
    next
end

    config ztna reverse-connector

    Parameter

    Description

    Type

    Size

    Default

    address

    Connector service edge adress(IP or FQDN).

    string

    Maximum length: 255

    certificate

    The name of the certificate to use for SSL handshake.

    string

    Maximum length: 35

    default-incoming-vip *

    Default Incoming Virtual IP name.

    string

    Maximum length: 79

    health-check-interval

    Health check interval in seconds (0 - 600, default = 60, 0 = disable).

    integer

    Minimum value: 0 Maximum value: 600

    60

    interface *

    Specify outgoing interface to reach server.

    string

    Maximum length: 15

    interface-select-method *

    Specify how to select outgoing interface to reach server.

    option

    -

    auto

    Option

    Description

    auto

    Set outgoing interface automatically.

    sdwan

    Set outgoing interface by SD-WAN or policy routing rules.

    specify

    Set outgoing interface manually.

    name

    Reverse-Connector name

    string

    Maximum length: 35

    port

    Port number that traffic uses to connect to connector service edge(1 - 65535;).

    integer

    Minimum value: 1 Maximum value: 65535 **

    0

    source-ip *

    FortiGate IPv4 address to be used for ZTNA reverse-connector connection.

    ipv4-address

    Not Specified

    0.0.0.0

    source-ip-interface *

    Source interface to be used for ZTNA reverse-connector connection.

    string

    Maximum length: 15

    ssl-max-version

    Highest TLS version acceptable from a server.

    option

    -

    tls-1.3

    Option

    Description

    tls-1.1

    TLS 1.1.

    tls-1.2

    TLS 1.2.

    tls-1.3

    TLS 1.3.

    ssl-min-version *

    Lowest SSL/TLS version acceptable from a server.

    option

    -

    tls-1.2

    Option

    Description

    tls-1.1

    TLS 1.1.

    tls-1.2

    TLS 1.2.

    tls-1.3

    TLS 1.3.

    status

    Reverse-Connector status.

    option

    -

    enable

    Option

    Description

    enable

    Enable the reverse-connector.

    disable

    Disable the reverse-connector.

    trusted-server-ca

    Trusted Server CA certificate used by SSL connection.

    string

    Maximum length: 79

    vrf-select *

    VRF ID used for connection to server.

    integer

    Minimum value: 0 Maximum value: 511

    0

    * This parameter may not exist in some models.

    ** Values may differ between models.

    Previous
    Next