FortiGate ZTNA
Author: f | 2025-04-25
Q: Which license do I need to purchase for ZTNA? Do I need to purchase a license on both FortiClient and FortiGate?
A: You need to purchase only the FortiClient ZTNA license. No additional ZTNA-specific license is required on a FortiGate working as a ZTNA gateway.

Q: What is the best migration path to full ZTNA using FortiGate as a ZTNA gateway?
A: Existing FortiGate and/or FortiClient customers have a very simple path to adopting a zero trust architecture. Path 1.

ZTNA tags are not synchronized with FortiGate

Hello all! I have some questions regarding some basics of the Fortinet ZTNA setup. I did go through the ZTNA and FortiEMS training but just wanted some things clarified if possible.

1st Dumb Question - Is the ZTNA Server just one of my FortiGate firewalls? (It's not another physical box/server I have to set up, right?) It seems like if I have two locations, each FortiGate could be a ZTNA server for access to the resources that are located there. Both would have to be joined via the Fabric connectors and one of those would have to serve as the "Fabric Root".

If the above is true, when I'm setting up my ZTNA Server on one of the FortiGates, for the external IP, can I just choose any IP that's associated with my assigned block, and would I then connect via that IP address to access resources externally? (Let's say I have 123.123.123.1-50 for my external IPs. Can I just set that external IP to 123.123.123.5? Then if I set up rules to access SMB, let's say, when I map a network drive from home, would I just be utilizing that ZTNA server IP I chose (the .5), or am I able to use existing assigned external IPs for resources and the external ZTNA server IP has nothing to do with those?)

I apologize for some of these basic questions, but the documentation and training didn't cover some of this very well (it just says "Setup your ZTNA server and assign these things"). The ZTNA server piece I'm a little confused about.

From FortiGate, go to Log & Report > ZTNA Traffic, and view the log details for the ZTNA-webserver:

    FortiGate-VM64-KVM # exec log filter field subtype ztna
    FortiGate-VM64-KVM # exec log

FortiGate ZTNA service portal support: In FortiOS 7.2.1, the ZTNA service portal was added to allow the FortiGate to publish ZTNA services directly to FortiClients. This allows the FortiClient

Description: This article describes how to delete ZTNA tags on FortiGate.
Scope: FortiGate, EMS v7.0.
Solution: FortiGate offers two approaches to deleting ZTNA tags, but the options on the

To verify ZTNA tags on the FortiGate: go to Policy & Objects > ZTNA and then navigate to the ZTNA Tags tab. ZTNA tags that were created in EMS are displayed on the page. The ZTNA

Comments
2025-04-22

Introduction

FortiSASE is a cloud-delivered software-as-a-service offering that allows clients to securely access the internet with protection from FortiOS. With FortiSASE, you can protect remote off-net endpoints and users with the same security policies as when they are on-net, no matter their location. The service is available through a subscription based on the number of users.

FortiSASE works with various FortiCloud services in the background to deliver a seamless service for securing your internet access. In terms of security, FortiSASE offers the following features to protect clients:

- Antivirus
- Web Filter
- Intrusion prevention
- File filter
- Data loss prevention
- Application control
- SSL inspection

Security features are customizable and offer many familiar settings, as you would see on a FortiGate. Following are examples of common FortiSASE use cases, grouped by FortiSASE component (use case: description):

Secure internet access (SIA)
- Agent-based remote user internet access: secure access to the internet using the FortiClient agent.
- Agentless remote user internet access: secure access to the internet using the FortiSASE secure web gateway (SWG).
- Site-based remote user internet access using FortiExtender: secure access to the internet using a FortiExtender device as a FortiSASE LAN extension.
- Site-based remote user internet access using FortiAP: secure access to the internet using a FortiAP edge device that FortiSASE manages.

Secure private access (SPA)
- Zero trust network access (ZTNA) private access: access to private company-hosted TCP-based applications behind the FortiGate ZTNA application gateway for various ZTNA use cases. This access method allows for a direct (shortest) path to private resources.
- SD-WAN private access: access to private company-hosted
2025-04-15

FortiAnalyzer fails when connected to FortiAnalyzer Cloud.

SSL VPN
Bug ID   Description
795381   FortiClient Windows cannot be launched with the SSL VPN web portal.
819754   Multiple DNS suffixes cannot be set for the SSL VPN portal.

System
Bug ID   Description
798303   The threshold for conserve mode is lowered.
832429   Random kernel panic may occur due to an incorrect address calculation for the internet service entry's IP range.
837730   Trusted hosts are not working correctly in FortiOS 7.2.1.
847077   "Can't find xitem. Drop the response." error appears for DHCPOFFER packets in the DHCP relay debug.
1041457  The kernel 4.19 cannot concurrently reassemble IPv4 fragments for a source IP with more than 64 destination IP addresses.

Upgrade
Bug ID   Description
925567   When upgrading multiple firmware versions in the GUI, the Follow upgrade path option does not respect the recommended upgrade path.

User & Authentication
Bug ID   Description
823884   When a search is performed on a user (User & Authentication > User Definition page), the search results highlight all the groups the user belongs to.
825505   After a few days, some devices are not displayed in the Users & Devices > Device Inventory widget and the WiFi & Switch Controller > FortiSwitch Ports page's Device Information column, due to a mismatch in the device count between the following commands:
             diagnose user device list
             diagnose user device stats
             diagnose user-device-store device memory list
         Workaround: restart the WAD process or reboot the FortiGate to recover the device count for the user device store list.

VM
Bug ID   Description
1082197  The FortiGate-VM on VMware ESXi equipped with an Intel E810-XXV network interface card (NIC) using SFP28 transceivers at 25G speed is unable to pass VLAN traffic when DPDK is enabled.

Web Filter
Bug ID   Description
766126   Block replacement page is not pushed automatically to replace the video content when using a video filter.

ZTNA
Bug ID   Description
832508   The EMS tag name (defined in the EMS server's Zero Trust Tagging Rules) format changed in 7.2.1 from FCTEMS_ to EMS_ZTNA_. After upgrading from 7.2.0 to 7.2.1, the EMS tag format was converted properly in the CLI configuration, but the WAD daemon is unable to recognize this new format, so the ZTNA traffic will not match any ZTNA policies with EMS tag name checking enabled.
         Workaround: unset the ztna-ems-tag in the ZTNA firewall proxy policy, and then set it again.
2025-04-18