Migrate from SSLVPN to ZTNA proxy?

Hi,
Today we use SSL VPN and FortiClient to connect to our internal network and access a Windows file share.

Is ZTNA proxy a good replacement? I would like a solution where users don’t have to think about the connection and it just “works” outside the office.

Anyone using this with SMB shares? Does it work well, or is it better to stay with SSL VPN?

Thanks for any input

SSLVPN on 2 GB RAM boxes will be removed in an upcoming firmware version.

ZTNA is a wonderful solution but does have some limitations.

We have clients who:

  1. Utilize just ZTNA
  2. Only use dial-up IPsec
  3. Utilize both

The best advice is to start working with both solutions to determine what works best for your organization.

If you’re an SMB, we offer free services and would be happy to guide you through this transition.

Is it possible to access a Windows file server on ZTNA?
What about domain controllers?

Been using and testing ZTNA for administration of the equipment. It works great, with a few hiccups here and there.

Just need to make sure that the EMS and FortiGate connector is up all the time and FortiClient is online with EMS all the time.

ZTNA proxy for SMB shares, do you feel safe exposing your file server to the internet, basically?

I’m testing ZTNA to replace our SSLVPN. So far it works well. I’m using HTTPS proxy and TFAP to access internal web resources, RDP, SSH and for client apps to connect to a local SQL Server. I also just set up a KDC proxy for SMB drive mapping and it’s been working great in testing.

We are in a similar situation and I would like to start setting up ZTNA and testing. Is there a guide to setting this up for testing while all others maintain an SSLVPN connection? I do not want to affect any other users, and want to slowly move users over to ZTNA.

From what I understand they’re removing it from ALL versions in the future regardless of what model you have. Biggest reason is SSL-VPN WebGUI got some serious security issues they can’t seem to fix so they decided to drop it.

Which is the main reason why I stopped using it three years ago in favor of WireGuard.

Thank you to the individual who always downvotes us when we say we provide free services to SMBs. We love knowing this makes you upset. Jealousy is the best form of flattery.

I’m the admin for a small nonprofit looking to move away from SSLVPN, and you just spoke the magic words - free services.

Sounds good, is it stable or do you lose connection sometimes?
Would be interesting to know if there is a specific FortiGate OS version that is better than another. We run 7.2.x today.

Yes, it should be, same as you access a file share by SSL VPN.
In my case it is probably even easier as all computers are Azure AD joined.

Sounds good, what I’m worried about is how stable it is and that FortiClient keeps the connection open and that you don’t lose your network drive.

Yes, you still need to authenticate yourself, so I don’t see any security difference than, for example, SSL VPN.

From what I understand they’re removing it from ALL versions in the future regardless of what model you have.

Do you have a source for this??

I will say that it is okay with me that you are offering services for free and are willing to help out. Provided it’s genuine of course, and that there is no money changing hands or offers of managed service contracts/further paid engagements, etc. as a carrot-on-a-stick when you’re offering it.

Sounds good, is it stable or do you lose connection sometimes?

Which method specifically are you inquiring about?
ZTNA overall is a stable connection, and we prefer to use it over IPsec for devices that are constantly mobile, such as police, emergency, fleet, etc., that are constantly moving from tower to tower, and when the cell towers do not hand off traffic properly, thus causing the SSL or IPsec to disconnect and reconnect.

The caveat is whether the software they use for their services allows TCP connections.

Haven’t tested the shared drive myself, but I can say that if you keep using it, e.g. file transfer, the session will stay up, and it will time out if you don’t use the shared drive. I’ll set it up in my FortiGate and client maybe next week.

Thank you for the support. We encourage anyone and everyone to follow up with any Reddit user about our genuine offers.