When I was considering ZTNA for my employer it was super frustrating because I couldn’t find hardly anything on it. I hope this was helpful and thanks for watching!

Thank you Maryam for your support. I will be working on more ZTNA content soon.

I’m glad you found my video beneficial! ZTNA is definitely something that could use some better documentation on Fortinet’s end. Best of luck on your NSE4! I’ll be doing some more Fortinet content down the road and also cover some Palo stuff. Thank you for watching!!

Greats question. VPN technologies as a whole certainly isn’t going anywhere. I do see tunneling mechanisms becoming less of a necessity and more of specific use case. At my organization even with ZTNA we will continue to use remote access VPN and use the ZTNA ability to segregate access to our resources. It plays really well together.

@@ChadEmery Thank you :)

I haven’t personally setup this before but would be happy to give it a shot and record the process. Let me see what I can do.

@@ChadEmery That would be amazing!

Just pinging you to let you know my new ZTNA video is up showing a proxy acces setup.

There are a few bugs in lower versions. I’d recommend updating to at least 7.0.5 if you are not already there, upgrade EMS, and upgrade clients. This was advised to me by support for the same issues and they resolved mine. If you don’t want to update you can try deleting the ems connector and tags and try adding again. I had this issue and both of these resolved mine.

@@ChadEmery thank you for your help, I will try updating.

I’ve read in the docs it can be done without ems but in my experience I’m not sure why you would. Ems makes it much easier to push tags to the clients without manually doing anything on the client.

Unfortunately, I do not have any experience with using anything other than MS AD. However, since LDAP is an open standard I would imagine this is possible should you feed EMS the correct information such as IP, Port, DN, etc... Maybe you could enable logging to be level 7 (debug) and try and initiate the LDAP domain sync to see if it is more specific to what is incorrect in your configuration. I wish I could offer more help. If you figure it out please share it with the community to assist with this.

Good advice, it's actually a bad habit of mine to leave chrome running for weeks without closing. Thanks for watching!

One Fortigate would suffice. ZTNA requires only a Fortigate with 7.0 or plus code, EMS to setup policy, FortiClient base Licenses.

@@ChadEmery for the forticlient EMS, does it require a license to work for the ZTNA or a free trial can do the job? Because I don’t ha e one 😢

@@loujaynebouzrati761 I’m sorry I misspoke technically fortinets website says it’s isn’t a requirement. However I’m not sure how it would work without it so maybe contact SE or support.

@@ChadEmery okay thank you so much but are you sure about the security fabric that it isn’t a requirement?

@@loujaynebouzrati761 I use Cisco for everything but firewalls and AP’s so you shouldn’t worry about that. Our Datacenter is where we have our Fortigate deployed with ZTNA and it’s the only fortinet device there.

Likely a bug in the version of FortiOS you're running. Have you tried apply the config via CLI?