A company is implementing Zero Trust Network Access using Fortinet's ZTNA solution. They have deployed a FortiGate as the ZTNA gateway and are using FortiClient as the ZTNA agent. Users report that they can initiate ZTNA connections, but the connections drop after a few minutes. The FortiGate logs show that the ZTNA session is being terminated due to an endpoint compliance check failure. Which action should the administrator take to resolve this issue?
Trap 1: Disable endpoint compliance checks on the FortiGate.
Disabling compliance checks would bypass security controls, which is not recommended.
Trap 2: Increase the session timeout on the FortiGate ZTNA gateway.
Session timeout is not the issue; the session is dropped due to compliance failure, not idle timeout.
Trap 3: Change the authentication method from certificate to LDAP.
Authentication method is unrelated to endpoint compliance checks.
- A
Review and adjust the endpoint compliance rules in FortiClient EMS.
Adjusting compliance rules to match the actual endpoint state will allow the connection to persist.
- B
Disable endpoint compliance checks on the FortiGate.
Why wrong: Disabling compliance checks would bypass security controls, which is not recommended.
- C
Increase the session timeout on the FortiGate ZTNA gateway.
Why wrong: Session timeout is not the issue; the session is dropped due to compliance failure, not idle timeout.
- D
Change the authentication method from certificate to LDAP.
Why wrong: Authentication method is unrelated to endpoint compliance checks.