Editing a proxy rule
A proxy rule is used to enforce access control. ZTNA tags or tag groups can be added to a rule to enforce zero-trust, role-based access.
On the FortiPAM GUI, you can only edit an existing proxy rule. Use the CLI to create new proxy rules.
A default FortiPAM_Default proxy rule is available in the proxy rules list.
To configure a proxy rule:
- Go to System > ZTNA.
- In the proxy rules list, select a proxy rule and then select Edit.
Alternatively, in the proxy rules list, double-click a proxy rule to edit it.
The Edit Proxy Rule window opens.
- Enter the following information:

| Field | Description |
| --- | --- |
| Enable this rule | Toggle on to enable the proxy rule. |
| Name | The name of the proxy rule. Names are not fixed and can be changed later. |
| Incoming Interface | Select incoming interfaces or create new interfaces. Use the search bar to look for an interface. Use the pen icon next to the interface to edit it. |
| Access Proxy | The corresponding access proxy and VIP. The Access Proxy pane is read-only. |
| ZTNA Control | Enable/disable ZTNA control for the proxy rule. ZTNA control is equivalent to `client-cert` in the access proxy. |
| ZTNA Tag | Add the ZTNA tags or tag groups that are allowed access. ZTNA tags are synchronized from the EMS side. Use the search bar to look for a ZTNA tag. |
| Match ZTNA tags | If multiple tags are included, select Any or All (default = Any). |

Under Connected EMS on the right, you can see connected EMS(s).
Hovering over an EMS displays a tooltip with additional details about that EMS.
- Click OK.