FortiOS-7.2-ZTNA Reference Guide
FortiOS 7.2
Introduction
Endpoint posture check
  Recommended posture checks
  Other posture checks
CASB SaaS application support
Change log
Zero trust network access (ZTNA) is an access control method that uses client device identification, authentication, and
zero trust tags to provide role-based application access. It gives administrators the flexibility to manage network access
for on-net local users and off-net remote users. Access to applications is granted only after verifying the device,
authenticating the user’s identity, authorizing the user, and then performing context-based posture checks using zero
trust tags.
This document provides reference information for ZTNA.
The following are different context-based posture checks that FortiClient EMS supports as part of the Zero Trust
solution:
For vulnerable devices, checking for devices with high-risk vulnerabilities and above is recommended.
Rule type     Posture check    Supported operating systems
OS version    Windows 11       Windows
OS version    Windows 10       Windows
OS version    Windows 8        Windows
OS version    Windows 7        Windows
OS version    Mojave           macOS
OS version    Sierra           macOS
OS version    Catalina         macOS
OS version    Monterey         macOS
OS version    CentOS 8         Linux
You can configure the FortiGate zero trust network access (ZTNA) access proxy to act as an inline cloud access security
broker (CASB) by providing access control to software-as-a-service (SaaS) traffic using ZTNA access control rules. A
CASB sits between users and their cloud service to enforce security policies as they access cloud-based resources.
FortiOS 7.2.1 and later versions support ZTNA inline CASB for SaaS application access. This topic provides information
on the supported applications.
The inline CASB database, as of version 1.00025, supports the following SaaS applications:
adp ADP
atlassian Atlassian
aws_s3 AWS S3
azure Azure
box Box
citrix Citrix
confluence Confluence
docusign DocuSign
dropbox Dropbox
egnyte Egnyte
github GitHub
gmail Gmail
jira Jira
salesforce Salesforce
sap SAP
sharepoint SharePoint
webex Webex
workplace Workplace
youtube YouTube
zendesk Zendesk
zoom Zoom
The inline CASB database, as of version 1.00025, supports the following SaaS application groups:
MS Microsoft SaaS
Copyright© 2022 Fortinet, Inc. All rights reserved.