How to use Fortinet Zero Trust Network Access (ZTNA Demo)
HTML-код
- Опубликовано: 1 окт 2021
- Hello everyone!
In this video I am going to show you Fortinet ZTNA. It's a very simple thing to setup and the documentation on it is really easy to follow along with. I really hope you guys enjoy this video be sure to check out my Instagram @emerychad
Links:
ZTNA : www.fortinet.com/solutions/en...
FortiEMS Trial : www.fortinet.com/demand/gated...
FortiEMS Requirements: docs.fortinet.com/document/fo... 
Наука
Finally a true ZTNA demo in real use, thanks!!
When I was considering ZTNA for my employer it was super frustrating because I couldn’t find hardly anything on it. I hope this was helpful and thanks for watching!
The NSE4 requires you to know how to configure ZTNA and this video helped. Once again Chad you have come through. Thank you so much!
Thanks so much Chad for the video finally I found some well-explained useful content about ZTNA.
Thank you Maryam for your support. I will be working on more ZTNA content soon.
Thanks Chad , well explained in just 16 minutes
Thanks! Was reading/studying for NSE4 and ZTNA pops up in the Infrastructure section. I never understood what a "ZTNA Tag" is, because they haven't explained it (yet). Much easier to understand when you see what it is and how it can be used.
I’m glad you found my video beneficial! ZTNA is definitely something that could use some better documentation on Fortinet’s end. Best of luck on your NSE4! I’ll be doing some more Fortinet content down the road and also cover some Palo stuff. Thank you for watching!!
Thank you! I needed this!
Really helpful. Thank you!
Thanks for the video. I'm really, and I mean really new to ztna. Do you need EMS to make it work, or can it all be done through a firewall? I have a client that once we upgrade him to 100F he will be a prime candite for ztna.
I’ve read in the docs it can be done without ems but in my experience I’m not sure why you would. Ems makes it much easier to push tags to the clients without manually doing anything on the client.
Hi there, can you tell me how to add tags on a virgin EMS version? I had some troubles synchronising them with fortigate even that ems and fortigate are connected.
Thank you in advance.
There are a few bugs in lower versions. I’d recommend updating to at least 7.0.5 if you are not already there, upgrade EMS, and upgrade clients. This was advised to me by support for the same issues and they resolved mine. If you don’t want to update you can try deleting the ems connector and tags and try adding again. I had this issue and both of these resolved mine.
@@ChadEmery thank you for your help, I will try updating.
Hey there. Great Explanation. Can you see yourself using ZTNA as an replacement of using VPNs any time soon?
Greats question. VPN technologies as a whole certainly isn’t going anywhere. I do see tunneling mechanisms becoming less of a necessity and more of specific use case. At my organization even with ZTNA we will continue to use remote access VPN and use the ZTNA ability to segregate access to our resources. It plays really well together.
@@ChadEmery Thank you :)
Looking for ways to point FortiClient EMS to a “custom” LDAP server, ie. NOT MS-AD
Want to auth against that is possible too
Unfortunately, I do not have any experience with using anything other than MS AD. However, since LDAP is an open standard I would imagine this is possible should you feed EMS the correct information such as IP, Port, DN, etc... Maybe you could enable logging to be level 7 (debug) and try and initiate the LDAP domain sync to see if it is more specific to what is incorrect in your configuration. I wish I could offer more help. If you figure it out please share it with the community to assist with this.
Hi I have an issue were by if I do this if I turn ztna on after the rule is saved it just turned off the ZTNA
Likely a bug in the version of FortiOS you're running. Have you tried apply the config via CLI?
You should hit the update button on your browser since it might have tons of dangerous vulnerabilities present :)
Good advice, it's actually a bad habit of mine to leave chrome running for weeks without closing. Thanks for watching!
Would be interesting to see someone setup the ZTNA Server using the proxy (I cant find anybody showing how to set this up, so endpoints do not need VPN to access resources remotely).
I haven’t personally setup this before but would be happy to give it a shot and record the process. Let me see what I can do.
@@ChadEmery That would be amazing!
Just pinging you to let you know my new ZTNA video is up showing a proxy acces setup.
Hey , can we implement ZTNA without security fabric??? and do we need two fortigates for that ????
One Fortigate would suffice. ZTNA requires only a Fortigate with 7.0 or plus code, EMS to setup policy, FortiClient base Licenses.
@@ChadEmery for the forticlient EMS, does it require a license to work for the ZTNA or a free trial can do the job? Because I don’t ha e one 😢
@@loujaynebouzrati761 I’m sorry I misspoke technically fortinets website says it’s isn’t a requirement. However I’m not sure how it would work without it so maybe contact SE or support.
@@ChadEmery okay thank you so much but are you sure about the security fabric that it isn’t a requirement?
@@loujaynebouzrati761 I use Cisco for everything but firewalls and AP’s so you shouldn’t worry about that. Our Datacenter is where we have our Fortigate deployed with ZTNA and it’s the only fortinet device there.