So there are still a lot of questions to be answered, but mainly look at the following needed items:

FortiClient EMS (ZTNA or EPP); if you want EDR, make the combo of FortiClient EMS ZTNA and EDR.

For Azure only, use an Identity Provider (IdP) (connected with SAML), for example Azure AD or perhaps FortiAuthenticator if you're not only Microsoft.

For Hybrid, use a RADIUS server, could be NPS with the integration.

FortiClient EMS could be hosted by yourself or used as a SaaS. Even Azure and NPS would work, but there are better options.

You need to tell the branch routers how to reach the. for example ping from (B) to (C) over HQ.

ZTNA licensing could be used for your VPN question, but since you're also looking at the security, you probably need the EPP license (it has ZTNA included).

For seamless VPN, it depends what your environment is: Azure AD? Hybrid? Probably you would have to look for a SAML (or maybe RADIUS) setup for authentication; you need your FortiClient to communicate with an IdP or RADIUS server.

Site A (HQ) Site B (Branch1) Site C (Branch2) Site D (Branch3) The connection is made from branches (B,C,D) to HQ (A) and is working fine.

The VPN autoconnect/always up is a feature which is integrated within the FortiClient, but to fully utilize it you need a licensed FortiClient EMS.

That being said, it can easily replace VPN and EPP; however, it's not a full EDR, that's where FortiEDR comes into play.

You can't utilize the full 100% of the FortiClient due to a noted or a strange bug (so I would advise to read the release notes more carefully than you do with the gates).

Hopefully you don't have a lot of VPNs on. This will debug the initial part of the VPN buildup (namely phase1). diag deb app ike -1 Stop output by hitting Ctrl-C.

First of all, FortiClient looks really nice with all the features it can offer, but beware: the more features, the more bugs.

In Dashboard > Console, please enter the following and post the (text) output from both FGTs here: diag deb ena.