วีดีโอ

@abdallahrukab you're right, my bad. Thanks for the feedback. If you're interested in ZTNA course check out tkcybersec.net

Ya thanks I'm trying to keep close attention to the audio

@metaphal4389 Thanks, if you're interested in courses I have a promotion on my ZTNA course on tkcybersec.net

I feel this might answer your question, proxy chaining so setting up your FPX to forward HTTP.HTTPS to another proxy

@@colinarmstrong5970 Thanks

@colinarmstrong5970 Thanks if you're interested in ZTNA course check out tkcybersec.net

I believe if you create forticare account at support.fortinet.com you can download the EMS exe checkout my courses at tkcybersec.net

Hi, I'm not sure about the setup in your environments, IP addresses, firewall rules, routing, where the user is located, and where the EMS is located, so it's hard for me to tell. But to connect to EMS, you'd need routing set up to EMS, a Firewall Policy allowed to the EMS, or port forwarding if the user is outside your network coming from the public. check out my video course on ZTNA tkcybersec.net/courses/learn-fortigate-zero-trust-network-access-hands-on-labs/

sorry not sure why? this issue can be checked with Fortinet Support

@Nabiisco89 Hi, let me check about this and get back to you

Shipping address not required anymore, please try again after removing cache and make sure billing address is correct 👍, thanks and let me know if u have any questions.

@@cybersec3306awesome I was able to purchase it now, thank you!

Using ZTNA you can configure use access to one application only. checkout my courses at tkcybersec.net

thanks for the feedback, i'm not sure what you're refering to about digital carrer fields

Hi, if port number 10443 is not being used by any other service you can use it, and as far as i know you can map one IP to multiple HTTP/HTTPS server you can check out this article community.fortinet.com/t5/FortiGate/Technical-Tip-Accessing-multiple-web-servers-hosted-via-single/ta-p/259586 Also wanted to share my recent website and video courses currently on great promotion tkcybersec.net/

sorry for late replay i was away but check out this article community.fortinet.com/t5/Support-Forum/fortinet-ZTNA-licensing/m-p/289970#:~:text=You%20don't%20need%20an,the%20license%20best%20for%20you. Also wanted to share my recent website and video courses currently on great promotion tkcybersec.net/

VPN doesn't do endpoint security posture check or generate certificate for every endpoint connects to it.

@xlv600tr sorry missed your comment. Make sure under System > Features Visibility You enable Purdue Level

@@cybersec3306 Thanks a lot for answering. I activated "Purdue level" in Features Visibility ( it was inactive) but graphics didn't appear.

@@xlv600tr Not sure why i wouldn't show up check your firmware version this is feature that was released in 7.2 docs.fortinet.com/document/fortigate/7.2.0/new-features/498242/add-ot-asset-visibility-and-network-topology-to-asset-identity-center-page

@@cybersec3306 I have 7.6.0 . There is not that option in contestual menu. Maybe it depends from hardware-level appliance

@TheMeteorra89 no problem, happy it helped. Yes, you can use TCP Forwarding for RDP. If you're interested in full ZTNA course check out tkcybersec.thinkific.com/courses/ZTNA

I will do my best to make a video like this thanks for the feedback, if you can give me more details about the video you'd like that would help Also wanted to share my recent website and video courses currently on great promotion tkcybersec.net/

@aliabdulrazaq3852 you can keep the route connecting to EMS separate from VPN so you'll have constant connection to EMS whether you are connecting to VPN or not . Hope that answers your question

@KamiRedJJJ Sure, are you looking to integrate remote Forticlient with EMS? or integrate EMS with FGT in different locations?

Glad it helped Wanted to share my recent website and video courses currently on great promotion tkcybersec.net/

@mgstu I am planning to post a video for this upcoming weekend, hopefully. I believe the reason Blocked page is not showing up because the browser does not have an SSL certificate FGT is using.

@@cybersec3306 yes this was where I got to, but for people that come on site you dont cotnrol youll never install a cert, would having a "valid real" cert on the FG overcome this ? thanks !

Yes, this should work having a publicly signed cert.

Thanks and yes 8013 is the default port used for FortiTele communication

Hi apology for late reply -> you could do form-based authentication (basic does not support two-factor authentication) -> you might have to enable two-factor authentication in the proxy authentication rule (via CLI) For example: docs.fortinet.com/document/fortigate/7.0.0/new-features/591056/ztna-session-based-form-authentication-7-0-4 docs.fortinet.com/document/fortigate/7.0.0/new-features/461532/ztna-proxy-access-with-saml-authentication-example Also wanted to share my recent website and video courses currently on great promotion tkcybersec.net/

I believe you need to enable the SSL VPN feature visibility Go to System > Feature Visibility and enable SSL VPN

@@cybersec3306 sorry i forget to mention that i can't find SSL VPN on the EMS Server not on Fortigate. On 14:18 you got both options.

@@cybersec3306 Thank you!..i was wondering the same..

Thanks for pointing this out

I haven't tried this scenario but came across this document docs.fortinet.com/document/fortigate/7.4.1/administration-guide/553746/ztna-access-proxy-with-kdc-to-access-shared-drives

Hi, sorry i haven't worked on this scenario i would recommend looking through Fortinet documentations. docs.fortinet.com/ztna/7.4

In order for ZTNA tags to be received by FortiClient it need to be connected to EMS. RDP without FortiClient still possible if you have DNAT setup on FortiGate but it's recommended to use FortiClient with ZTNA or have VPN with ZTNA

Unfortunately, I don't have this documented, but thanks for bringing it up. This is something I can work on documenting.

You will need to have a remote user be able to reach the EMS on port, i believe 8013. As far as i know, remote users to access internal resources they need to hit a publicly accessible IP address not just for 1 time

@@cybersec3306correct 💪🏻

😆😆😆

Found this article that might help community.fortinet.com/t5/Support-Forum/ZTNA-with-2FA/td-p/215662

@@cybersec3306 tks man

Appreciate the feedback. Let me know if you have any questions.

You welcome ❤️