What is the role of FortiGate as a ZTNA access proxy?

The role of FortiGate as a ZTNA (Zero Trust Network Access) access proxy is focused on mediating and securing connections between remote endpoints and protected servers. This ensures that access to resources is managed in a controlled manner, adhering to the principles of zero trust, which operate under the assumption that no user or device should be trusted by default, regardless of whether they are inside or outside the network perimeter.

When functioning as a ZTNA access proxy, FortiGate authenticates users and devices before allowing them to access specific applications or services, verifying and enforcing the policies that dictate what resources can be accessed. This prevents unauthorized access and minimizes the attack surface by ensuring that each connection is scrutinized and that users have the least privileged access necessary to perform their tasks.

The other choices do not align with the primary function of FortiGate in a ZTNA context. Direct internet access for all users does not incorporate the security and mediation functions that ZTNA embodies. Serving as a firewall without user authentication would not support the zero trust model, which emphasizes authentication and identity management. Lastly, managing internal server routing exclusively does not encompass the broad and secure connections that ZTNA requires, focusing instead on internal network operations rather than secure access from