Fortinet black logo

Administration Guide

Home FortiManager 7.0.0 Administration Guide

Configuring zero-trust network access (ZTNA) objects

7.0.0
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.6
6.2.5
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.10
5.2.7
5.2.6
5.2.4
5.2.3
5.2.2
5.2.1
5.2.0
5.0.12
5.0.11
5.0.10
5.0.9
5.0.8
5.0.7
5.0.6
5.0.5
5.0.4
5.0.3
5.0.2
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.9
4.2.8
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.1.0
4.0.3
4.0.2
4.0.1
4.0.0
Copy Link
Copy Doc ID 5359bbc6-a13f-11eb-b70b-00505692583a:334248
Download PDF

Configuring zero-trust network access (ZTNA) objects

Firewall addresses and groups that support zero-trust network access (ZTNA) can be configured in FortiManager to support ZTNA syntax for firewall policies. For more information on ZTNA, see the FortiGate Administration Guide.

To configure a ZTNA firewall address:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Object Configurations, and select Firewall Objects > Addresses from the tree menu.
  3. Click Create New, and select Address from the dropdown menu.
  4. In the Type field, select Dynamic.
    The Sub Type field is displayed.
  5. Select FortiClient EMS Tag as the sub type.
    The Object Type field is displayed.
  6. Select IP or MAC as the tag object type.
  7. Click OK to save the address object.
To configure a ZTNA firewall address group:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Object Configurations, and select Firewall Objects > Addresses from the tree menu.
  3. Click Create New, and select Address Groups from the dropdown menu.
  4. Enable the ZTNA Tag toggle and select EMS or Geographic IP.
  5. In the Members section, configure members based on the address group type.
    • When the type is EMS, select group members from FortiClient EMS Tag address objects.
    • When the type is Geographic IP, select group members from Geometry address objects.
  6. Click OK to save the address group.
Previous
Next

Configuring zero-trust network access (ZTNA) objects

Firewall addresses and groups that support zero-trust network access (ZTNA) can be configured in FortiManager to support ZTNA syntax for firewall policies. For more information on ZTNA, see the FortiGate Administration Guide.

To configure a ZTNA firewall address:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Object Configurations, and select Firewall Objects > Addresses from the tree menu.
  3. Click Create New, and select Address from the dropdown menu.
  4. In the Type field, select Dynamic.
    The Sub Type field is displayed.
  5. Select FortiClient EMS Tag as the sub type.
    The Object Type field is displayed.
  6. Select IP or MAC as the tag object type.
  7. Click OK to save the address object.
To configure a ZTNA firewall address group:
  1. Ensure you are in the correct ADOM.
  2. Go to Policy & Objects > Object Configurations, and select Firewall Objects > Addresses from the tree menu.
  3. Click Create New, and select Address Groups from the dropdown menu.
  4. Enable the ZTNA Tag toggle and select EMS or Geographic IP.
  5. In the Members section, configure members based on the address group type.
    • When the type is EMS, select group members from FortiClient EMS Tag address objects.
    • When the type is Geographic IP, select group members from Geometry address objects.
  6. Click OK to save the address group.
Previous
Next