Configuring zero-trust network access (ZTNA) objects
In FortiManager, you can configure firewall addresses and address groups that support zero-trust network access (ZTNA) so that they can be used with ZTNA syntax in firewall policies. For more information on ZTNA, see the FortiGate Administration Guide.
To configure a ZTNA firewall address:
- Ensure you are in the correct ADOM.
- Go to Policy & Objects > Object Configurations, and select Firewall Objects > Addresses from the tree menu.
- Click Create New, and select Address from the dropdown menu.
- In the Type field, select Dynamic.
  The Sub Type field is displayed.
- Select FortiClient EMS Tag as the sub type.
  The Object Type field is displayed.
- Select IP or MAC as the tag object type.
- Click OK to save the address object.
To configure a ZTNA firewall address group:
- Ensure you are in the correct ADOM.
- Go to Policy & Objects > Object Configurations, and select Firewall Objects > Addresses from the tree menu.
- Click Create New, and select Address Groups from the dropdown menu.
- Enable the ZTNA Tag toggle and select EMS or Geographic IP.
- In the Members section, configure members based on the address group type.
  - When the type is EMS, select group members from FortiClient EMS Tag address objects.
  - When the type is Geographic IP, select group members from Geometry address objects.
- Click OK to save the address group.