FortiTrust Access is a user-based subscription that provides all the elements necessary to add ZTNA to your FortiGate-based network. The offering includes the ZTNA agent in FortiClient and cloud-based orchestration from FortiClient Cloud.
FortiTrust Access allows organizations to deploy a secure means of delivering application access control whether or not the user is connected to the network. Further, the application being accessed can be located anywhere: the data center, a private cloud, or a public cloud.
Features include:
| Zero Trust Agent with Multi-factor Authentication (MFA) Coming in 7.0 | The Zero Trust Agent supports ZTNA tunnels, single sign-on (SSO), and device posture check to FortiOS access proxy |
| Central Management via EMS | Centralized FortiClient deployment and provisioning that allows administrators to remotely deploy endpoint software and perform controlled upgrades. Makes deploying FortiClient configuration to thousands of clients an effortless task with the click of a button. Vulnerability dashboard helps manage an organization’s attack surface. All vulnerable endpoints are easily identified for administrative action. Windows AD integration helps sync an organization’s AD structure into EMS so the same organization units (OUs) can be used for endpoint management. Realtime Endpoint Status always provides current information on endpoint activity and security events. |
| Central Logging and Reporting | Centralized logging simplifies compliance reporting and security analysis by ForiSIEM or other SIEM product |
| Dynamic Security Fabric Connector | EMS creates virtual groups based on endpoint security posture. These virtual groups are then retrieved by FortiGate and used in firewall policy for dynamic access control. Dynamic groups help automate and simplify compliance for security policies. |
| Vulnerability Agent and Remediation | Vulnerability agent and remediation ensures endpoint hygiene and hardens endpoints to reduce the attack surface. This identifies vulnerable endpoints and prioritizes unpatched OS and software vulnerabilities with flexible patching options including auto-patching. |
| SSL VPN with MFA | Secure Socket Layer (SSL) Virtual Private Network (VPN) with MFA enables an easy-to-use encrypted tunnel that will traverse most any infrastructure. |
| IPsec VPN with MFA | IP Secure (IPSec) VPN with MFA enables an easy-to-use encrypted tunnel that provides the highest VPN throughput. |
| FortiGuard Web Filtering | Powered by FortiGuard Labs research, the web filtering function monitors all web browser activities to enforce web security and acceptable usage policy with 75+ categories. It works across all supported operating systems and works with Google SafeSearch. The endpoint web filtering profile can be synchronized from FortiGate for consistent policy enforcement. Administrators can set black/white lists, on-/off-net policies, and import FortiGate web filtering policies for consistent enforcement. FortiClient now supports a web filter plugin that improves detection and enforcement of web filter rules on HTTPS sites with encrypted traffic. |
| USB Device Control | This capability prevents unauthorized USB devices from accessing the host. |
| Split-tunneling | Supported on ZTNA and VPN tunnels, split-tunneling enables optimized user experience |
| Single Sign-on (SSO) | SSO integrates with FortiAuthenticator identity and access management to provide single sign-on. |
Integrate FortiGuard Security Services for protection across networks, endpoints, and clouds
Implement FortiCare services to accelerate security deployment and maximize uptime
Zero-trust policy both on and off the network
Automatic encrypted tunnels for data privacy
No additional licenses required
Hides applications from the internet behind a proxy
