What must be configured on FortiGate to enable ZTNA functionality?

To enable Zero Trust Network Access (ZTNA) functionality on FortiGate, it is essential to configure ZTNA servers and ZTNA policies. The ZTNA servers act as the central point for managing access to applications, ensuring that only authenticated and authorized users can reach specific resources.

ZTNA policies define the conditions under which access to these applications is granted, incorporating criteria such as user identity, device posture, and the sensitivity of the application being accessed. This approach enhances security by enforcing a strict access control mechanism tailored to user-specific needs rather than relying solely on traditional perimeter defenses.

While the other options touch on components that might be relevant in broader security and network scenarios, they do not specifically address the core requirements for enabling ZTNA. For instance, VPN settings and firewall rules are more aligned with traditional remote access methods rather than the granular access controls provided by ZTNA. User authentication methods and logging options, although important for security, do not encompass the specific configurations needed for ZTNA. Proxies and port forwarding rules also fall outside the focus of ZTNA, which is centered on application identity and user behavior rather than network tunneling or traffic routing.