Fortinet FortiClient/FortiEMS/FortiGate using ZTNA tags to reach RDP server how to guide 

Alex Pavlock

Fortinet FortiClient/FortiEMS/FortiGate how-to guide: using ZTNA tags and TCP forwarding to reach an RDP server. A demonstration of configuring FortiEMS and FortiGate so that an RDP client uses TCP forwarding with ZTNA tags, allowing or denying remote users access to an internal RDP server.

Published: 5 Sep 2024

Comments: 29
@user-vm5pj2dd6e 1 year ago
Great video! Thank you for putting out something clear, concise and easy to understand. I would love to see you do another version of this video with the updated 7.2.5 FortiGate GUI and FortiClient EMS 7.2.1 versions as the interface was changed significantly.
@krzysztofjasion8549 4 months ago
Great video! Thank you very much.
@hubertwz 1 year ago
Great presentation!
@hildicortes 1 year ago
My friend, this is the best video about Fortinet ZTNA by far. Thanks for sharing such good content. It is a shame we can't try ZTNA without a license, but this video really helps. I have a little question for you: FortiClient EMS must be reached by any client, off-fabric and on-fabric, right? So is it necessary to do a VIP and put it in a DMZ to be reached from any part of the world by the clients, and must all the FortiClients be pointing to this public IP? I am not sure about it. Again, I appreciate this video, thanks.
@fortialex 1 year ago
Yes, that is correct. If you are hosting EMS on prem, you will need to have it in a DMZ and open the ports listed in the following document: docs.fortinet.com/document/forticlient/7.2.0/ems-quickstart-guide/439480/required-services-and-ports. Also, you can download the FortiEMS VM image from the support website, and that will give you 3 trial licenses that you can test the product out with. Go through the installation of the VM and then skip the licensing part, which will activate it as a trial, which will get you the 3 free licenses to use and test it out.
@user-wr8zn4cf4b 4 months ago
Cool, learned something new, thank you
@deezgasx331 10 months ago
Is there any configuration needed in the firewall policy? I followed the steps, but I am unable to RDP to my server using the local IP address.
@alwayskarbala 12 days ago
Bro, love your videos. Could you provide me a training session?
@emiljacobson7586 4 months ago
Did you pre-configure the 'ZTNA Destinations' in FortiClient before configuring the 'ZTNA Destination' in FC-EMS? That's a step you don't show, and my destinations from EMS aren't synchronized to FortiClient. Thanks, E
@boubennaayoub2288 1 year ago
Thank you very much, great video.
@chrismoore1981 10 months ago
Great video, Alex!! Am I correct in saying that FSSO is no longer needed? I would think FortiClient with ZTNA is a much better solution for RBAC vs FSSO?
@fortialex 10 months ago
FortiClient ZTNA is a more comprehensive RBAC than just FSSO, as you can control access to resources based on a wider set of endpoint posture checks. FSSO allows/denies access to resources based strictly on who's logged into the endpoint and what AD group they are a part of, whereas ZTNA has many, many different posture checks you can perform, including but not limited to just AD group.
@guerriero33t 1 year ago
This is dated. It is 6 months old... the FortiGate and EMS interfaces are changed.
@Klarkooi 6 months ago
Does it work for other use cases besides RDP, for example where a certain system-based user account is used for PowerShell or other protocol access to a corp server?
@lazzybug007 4 months ago
Thank you
@oinkersable 1 year ago
Thanks for the vids, Alex - did you ever get it working when using DNS names instead of IPs for the ZTNA destinations? I believe it can be done where the FortiClient updates the hosts file on the endpoint with each entry, but I couldn't get it to work in the lab - there may be some version dependencies though. Cheers
@fortialex 1 year ago
I do not have an internal DNS server, so this won't be possible for me to set up at the moment. This should be able to be done though. You'll need an internal DNS server resolving your internal hostnames and to get your endpoints connectivity to this server.
@fabricembomda2045 9 months ago
Great!!!!!
@MG-pf9xf 8 months ago
Hi. You mentioned the Proxy IP is your WAN interface IP, which is set up on the VIP. Then what IP are you using on the ZTNA server? Please explain a bit.
@MG-pf9xf 8 months ago
?
@MG-pf9xf 8 months ago
Hi. Do I need to put my on-prem EMS server in a DMZ and allow the port? Because when I am going off-fabric, the FortiClient shows disconnected.
@fortialex 8 months ago
Yes, on prem EMS needs to have ports open on the upstream firewall to allow remote devices to communicate with it. A list of the necessary ports can be found here: docs.fortinet.com/document/forticlient/7.2.2/ems-quickstart-guide/439480/required-services-and-ports
@MG-pf9xf 8 months ago
@fortialex Thanks. Do I need to put that EMS server into a DMZ, or will a VIP with static NAT be fine, and put that VIP on FortiClient so it can communicate with the EMS server from the outside world?
@MG-pf9xf 8 months ago
?
@user-pe6wr8xq9o 9 months ago
Is there a way to set up ZTNA just on a FortiGate without EMS and such?
@fortialex 9 months ago
No, the Fortinet solution requires EMS and FortiClient or SASE.
@recardooneal9900 9 months ago
How do ZTNA rules interact with regular firewall policy?
@fortialex 9 months ago
They do not interact with regular firewall policy rules; they are separate. ZTNA rules protect ZTNA servers that you define.