Sunday, April 6, 2025
Latest:
Computer NetworksNETWORKS

16. FortiClient EMS – Fortigate Policy with Zero Trust Tagging with VPN

Alice AUSTIN

VPN 192.168.104.56 4443

EMS 192.168.103.151 8013

#Conclusion
There was some minor issues. but it’s working well.

#Configuration
config system interface

edit “port1”
set vdom “root”
set ip 192.168.104.56 255.255.255.0
set allowaccess ping https ssh http fgfm
set type physical
set snmp-index 2
next
edit “port2”
set vdom “root”
set ip 192.168.108.1 255.255.255.0
set allowaccess ping
set type physical
set snmp-index 3
end

config system settings
set gui-ztna enable
end

config router static
edit 1
set gateway 192.168.104.1
set device “port1”
next
edit 2
set dst 192.168.200.0 255.255.255.0
set gateway 192.168.103.1
set device “mgmt”
next
end

config user local
edit “fortigate”
set type password
set passwd fortigate
end

config vpn ssl settings
set servercert “self-sign”
set tunnel-ip-pools “SSLVPN_TUNNEL_ADDR1”
set tunnel-ipv6-pools “SSLVPN_TUNNEL_IPv6_ADDR1”
set port 4443
set source-interface “port1”
set source-address “all”
set source-address6 “all”
set default-portal “full-access”
config authentication-rule
edit 1
set users “fortigate”
set portal “full-access”
next
end
end

config vpn ssl web portal
edit “full-access”
set split-tunneling disable
end

config firewall address
edit “192.168.103.151”
set subnet 192.168.103.151/32
end

config firewall policy
edit 2
set name “EMS Exception”
set srcintf “port2”
set dstintf “port1”
set action accept
set srcaddr “all”
set dstaddr “192.168.103.151”
set schedule “always”
set service “ALL”
set nat enable
next
edit 1
set name “Default”
set srcintf “port2”
set dstintf “port1”
set action accept
set srcaddr “all”
set dstaddr “all”
set ztna-status enable
set ztna-ems-tag “FCTEMS0000114521_AntiVirus_Enabled”
set schedule “always”
set service “ALL”
set logtraffic all
set nat enable
next
edit 3
set name “VPN”
set srcintf “ssl.root”
set dstintf “port1”
set action accept
set srcaddr “all”
set dstaddr “all”
set ztna-status enable
set ztna-ems-tag “FCTEMS0000114521_AntiVirus_Enabled”
set schedule “always”
set service “ALL”
set inspection-mode proxy
set logtraffic all
set nat enable
set users “fortigate”
next
end

config endpoint-control fctems
edit “192.168.103.151”
set server “192.168.103.151”

next
end

config system interface
edit “mgmt”
set vdom “root”
set mode static
set ip 192.168.103.172 255.255.255.0
set allowaccess ping https ssh fgfm
set status down
set type physical
set dedicated-to management
set snmp-index 1
end

source

ipv6

Alice AUSTIN

Alice AUSTIN is studying Cisco Systems Engineering. He has passion with both hardware and software and writes articles and reviews for many IT websites.

You May Also Like

【FLUTTER ANDROID STUDIO and IOS】Local Read and write JSON data

Alice AUSTIN

Best Product Russian Keypad AGM M5 Simplified Android OS 4G LTE Type C Touch Screen IP68 Waterproof

Beladonis est de retour ! – Pokémon Lune #44

Leave a Reply

Your email address will not be published. Required fields are marked *