Thanks buddy
Thank you!! Very nice tutorial.
I need an RDP connection to a Windows server. Is this also possible?
@TheMeteorra89 no problem, happy it helped. Yes, you can use TCP Forwarding for RDP.
If you're interested in the full ZTNA course, check out tkcybersec.thinkific.com/courses/ZTNA
Hi. Thanks for sharing. I did it the same way but I'm getting an internal connection error when doing RDP. Forti tech suggested using a proxy policy instead of a normal firewall policy with ZTNA enabled.
Great tutorial btw, just pointing out, you should never use ports below 1024 (822 for example is reserved for Mac OS X RPC-based services).
Thanks for pointing this out
Hi. If I follow this logic, I can have server mappings only if the port is not used on the FG. Can I have one proxy on port 10443, for example, which has a server mapping for a whole net such as 10.0.0.0/8 with TCP forwarding on all ports? How can I add a whole net to the ZTNA destinations? Thanks!
Hi, if port number 10443 is not being used by any other service you can use it, and as far as I know you can map one IP to multiple HTTP/HTTPS servers; you can check out this article
community.fortinet.com/t5/FortiGate/Technical-Tip-Accessing-multiple-web-servers-hosted-via-single/ta-p/259586
Also wanted to share my recent website and video courses, currently on a great promotion
tkcybersec.net/
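The two replies above (use TCP forwarding for RDP, and put the ZTNA rule in a proxy policy rather than a plain firewall policy) fit together into one FortiGate configuration. The following is an added example, not the video author's configuration or anything from the linked Fortinet article: it assumes FortiOS 7.0-style CLI syntax, a WAN interface named port1 with public IP 203.0.113.10, an RDP host at 10.0.0.10, the listening port 10443 discussed in the thread, the factory certificate, and an EMS tag named EMS_ALL_FORTICLIENT; every one of those values is a placeholder to be replaced, and the exact keywords should be checked against the CLI reference for the firmware actually running.

```text
# --- Added example (not from the original page). All names/IPs are assumed. ---

# Address object for the internal RDP host (assumed IP)
config firewall address
    edit "rdp-server"
        set subnet 10.0.0.10 255.255.255.255
    next
end

# VIP the ZTNA access proxy listens on. Port 10443 must not be used by any
# other FortiGate service (admin GUI, SSL VPN, etc.) on this interface.
config firewall vip
    edit "ztna-vip"
        set type access-proxy
        set extip 203.0.113.10
        set extintf "port1"
        set server-type https
        set extport 10443
        set ssl-certificate "Fortinet_Factory"
    next
end

# Access proxy with a TCP-forwarding gateway to the RDP host.
# client-cert enable requires the FortiClient ZTNA client certificate,
# which ties access to EMS device posture rather than just an IP.
config firewall access-proxy
    edit "ztna-rdp-proxy"
        set vip "ztna-vip"
        set client-cert enable
        config api-gateway
            edit 1
                set service tcp-forwarding
                config realservers
                    edit 1
                        set address "rdp-server"
                        set mappedport 3389
                    next
                end
            next
        end
    next
end

# The ZTNA rule goes in a proxy policy (not a regular firewall policy);
# the EMS tag restricts which endpoints may reach the RDP host.
config firewall proxy-policy
    edit 1
        set name "ztna-rdp"
        set proxy access-proxy
        set access-proxy "ztna-rdp-proxy"
        set srcintf "port1"
        set srcaddr "all"
        set dstaddr "rdp-server"
        set ztna-ems-tag "EMS_ALL_FORTICLIENT"
        set action accept
        set logtraffic all
    next
end
```

On the client side this assumes a FortiClient ZTNA destination rule whose proxy gateway is 203.0.113.10:10443 and whose destination host is 10.0.0.10:3389, after which the user opens mstsc to 10.0.0.10 as usual; FortiClient intercepts the connection and tunnels it through the access proxy. Keeping the destination an address object rather than a whole subnet keeps the policy at the least privilege the thread actually asks for (one RDP host, one port), and logtraffic all gives you a per-session record to review if connections are refused.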
Is it possible to do SMB through the ZTNA? So far I've been unsuccessful in getting it to work.
I haven't tried this scenario but came across this document
docs.fortinet.com/document/fortigate/7.4.1/administration-guide/553746/ztna-access-proxy-with-kdc-to-access-shared-drives
Can MFA be applied on the above use cases like RDP/SSH?
Hi, apologies for the late reply
-> you could do form-based authentication (basic does not support two-factor authentication)
-> you might have to enable two-factor authentication in the proxy authentication rule (via CLI)
For example:
docs.fortinet.com/document/fortigate/7.0.0/new-features/591056/ztna-session-based-form-authentication-7-0-4
docs.fortinet.com/document/fortigate/7.0.0/new-features/461532/ztna-proxy-access-with-saml-authentication-example
Also wanted to share my recent website and video courses, currently on a great promotion
tkcybersec.net/
Does the remote user always have to use the external IP in order to access internal resources, or is it just one time for installing the certificate?
You will need to have the remote user be able to reach the EMS on port, I believe, 8013. As far as I know, for remote users to access internal resources they need to hit a publicly accessible IP address, not just one time.
@cybersec3306 correct 💪🏻
Hi, I need to integrate ZTNA using 2FA with FortiToken 400. Do you have any idea?
Found this article that might help
community.fortinet.com/t5/Support-Forum/ZTNA-with-2FA/td-p/215662
@cybersec3306 thanks man