Truth in IT
    • Sign In
    • Register
        • Videos
        • Channels
        • Pages
        • Galleries
        • News
        • Events
        • All
Truth in IT Truth in IT
  • Data Management ▼
    • Converged Infrastructure
    • DevOps
    • Networking
    • Storage
    • Virtualization
  • Cybersecurity ▼
    • Application Security
    • Backup & Recovery
    • Data Security
    • Identity & Access Management (IAM)
    • Zero Trust
    • Compliance & GRC
    • Endpoint Security
  • Cloud ▼
    • Hybrid Cloud
    • Private Cloud
    • Public Cloud
  • Webinar Library
  • TiPs
  • DRAW

Fortinet ZTNA Integration with CrowdStrike Zero Trust Scores

Fortinet
07/06/2026
0 (0%)
Share
  • Comments
  • Download
  • Transcript
Report Like Favorite
  • Share/Embed
  • Email
Link
Embed

Transcript


The integration is based on three key components, 4DClient EMS server, 4DGate, and CrowdStrike inside XDR. In this architecture, both 4DClient EMS server and CrowdStrike inside XDR acts as the policy engine which continuously monitors endpoint posture status to assign the zero-trust tags or ZTS scores while 4DGate acts as the policy enforcement point. As per the integration, 4DClient agent will retrieve zero-trust assessment score assigned to the endpoint by CrowdStrike and later forward it to the EMS server as part of the endpoint telemetry updates. Later, these ZTS scores will be used as one of the parameters within the security posture tags to enforce adaptive access controls on the 4DGate acting as the application gateway. With that, let's look into the configuration aspects related to this ZTNA integration. Starting with 4DClient EMS server, the dashboard provides summary of connected as well as total number of managed and unmanaged endpoints. Moving on, under the endpoint tabs, you can view the complete list of endpoints within an organization. Further, we can get detailed information on each endpoint like its connection status along with various features enabled via endpoint profiles and policies. Here, we can also notice that this device has CrowdStrike Falcon sensor installed for endpoint detection and response. Now, let's look at the security posture tags that we will be working with in this demo. The endpoint compliance tag looks for multiple parameters like domain, antivirus status, vulnerability status and based on the configured rule logic, all these conditions should hold true for an endpoint to receive this tag. CrowdStrike low ZTS score tag is assigned to an endpoint with the score less than 65. Medium ZTS score tag is assigned to an endpoint with a score between the range of 65 and 75. And similarly, ZTS score high tag is assigned to an endpoint with a CrowdStrike ZTS score greater than 75. Once the tagging rules are configured, we can navigate to tag monitor tab to view endpoints classified as per the configured rules. Now, let's move on to the CrowdStrike console to view the zero trust scores assigned to all the onboarded endpoints. As you can notice, we have three hosts out of which two hosts have received ZTS score greater than 90 which classifies them with the high ZTS score tag. Whereas the third host with a score of 33 was assigned low ZTS score tag. With that, let's move on to 4DGate and see how these ZTS scores get enforced on 4DGate in real time for adaptive access controls. 4DGate utilizes 4D client EMS connector or two-way webhook to get real-time information on endpoint posture status based on the defined tags. Under the ZTNA tab, we can find all the configured private applications. And for the sake of this demo, we will be working with 4D analyzer server. Under the security posture tags tab, we can view all the tags synced from EMS server to 4DGate along with the endpoint classification information. Here we have two endpoints classified with endpoint compliance tab. Similarly, two endpoints with the high ZTS score and one endpoint with low ZTS score tag as we have seen on the CrowdStrike and 4D client EMS consoles. Now let's quickly glance over how these tags are enforced via ZTNA policies. I have configured a deny policy at the top that looks for critical vulnerability or low CrowdStrike ZTS score tags. And if endpoint has any one of these tags present, user access will be blocked to all configured private applications. Next, for the 4D analyzer ZTNA policy, I have again configured two tags, high ZTS score and endpoint compliance. But in this case, both the tags need to be present for clients to access this application. Further, I have enabled antivirus and IPS security profiles within this policy. Now let's verify private application access. As you can see, this endpoint is managed by 4D client EMS server and it has received both the required ZTNA tags. Let's try to browse to faz.tmg.local, the 4D analyzer ZTNA server. First, 4DGate will prompt the user for device authentication based on the unique certificate issued to the endpoint by EMS. And later, based on the configured authentication rule, 4DGate will redirect us to 4D authenticator acting as the SAML IDP for user authentication. Once authenticated, we will be able to access our ZTNA application. Now let's hop on to another endpoint. It is also managed by the same EMS server, but this PC has received a low ZTS score tag. Now if I try to browse to same 4D analyzer server, 4DGate will prompt us for device authentication. But because of the low ZTS score tag attached to this endpoint, we will hit the very first rule with the action set to block. And here you can notice that 4DGate did present us with a response page stating the reason for the block. We can verify all this activity by looking at the ZTNA traffic logs on the 4DGate. Under the log details, we can get information on the user, its group, the matched ZTNA rule, and also the tags that were associated with the endpoint during the time of application access. This concludes the demo. Thank you for watching.

TL;DR

  • Fortinet Universal ZTNA integrates with CrowdStrike Falcon to use zero-trust assessment scores as real-time access control parameters for private applications.
  • The architecture uses FortiClient EMS and CrowdStrike as dual policy engines while FortiGate enforces adaptive access decisions at the application gateway.
  • Security posture tags based on ZTS score thresholds (low <65, medium 65-75, high >75) enable granular policy enforcement combining endpoint risk with compliance status.
  • ZTNA policies can require multiple conditions for access or block based on any single risk indicator, with detailed logging capturing user, group, matched rules, and endpoint tags.

Architecture and Integration Components

This technical demonstration walks through Fortinet's Universal ZTNA integration with CrowdStrike Falcon platform, showcasing how the two security ecosystems work together to deliver adaptive, risk-based access controls. The architecture relies on three core components: FortiClient EMS server, FortiGate, and CrowdStrike Insight XDR. Both FortiClient EMS and CrowdStrike function as policy engines that continuously monitor endpoint posture and assign zero-trust assessment scores, while FortiGate serves as the policy enforcement point. The FortiClient agent retrieves ZTS scores from CrowdStrike and forwards them to the EMS server as part of endpoint telemetry, enabling real-time security posture evaluation.

Policy Configuration and Enforcement

The demo details how security posture tags are configured based on CrowdStrike ZTS scores—endpoints scoring below 65 receive a low tag, 65-75 receive medium, and above 75 receive high. These tags combine with other compliance parameters like domain membership, antivirus status, and vulnerability status to create comprehensive access policies. FortiGate enforces these policies in real-time through ZTNA rules that can require multiple tags for access or block access based on risk indicators. The demonstration shows a practical example where an endpoint with a high ZTS score and compliance tag successfully accesses a FortiAnalyzer server, while another endpoint with a low ZTS score of 33 is blocked with a clear response page explaining the denial reason.

Chapters

0:00 - Integration Architecture Overview
1:04 - EMS Server Configuration
1:44 - Security Posture Tag Setup
2:36 - CrowdStrike ZTS Score Review
3:01 - FortiGate Policy Enforcement
4:38 - Access Verification Demo

Key Quotes

0:17 "In this architecture, both FortiClient EMS server and CrowdStrike Insight XDR acts as the policy engine which continuously monitors endpoint posture status to assign the zero-trust tags or ZTS scores while FortiGate acts as the policy enforcement point."
3:01 "With that, let's move on to FortiGate and see how these ZTS scores get enforced on FortiGate in real time for adaptive access controls."
4:02 "I have configured a deny policy at the top that looks for critical vulnerability or low CrowdStrike ZTS score tags. And if endpoint has any one of these tags present, user access will be blocked to all configured private applications."
5:42 "And here you can notice that FortiGate did present us with a response page stating the reason for the block."

FAQ

How does the CrowdStrike ZTS score get communicated to FortiGate for access decisions?

The FortiClient agent retrieves the zero-trust assessment score assigned by CrowdStrike and forwards it to the EMS server as part of regular endpoint telemetry updates. FortiGate then receives this information through a two-way webhook connector with EMS, enabling real-time policy enforcement based on the current ZTS score.

Can ZTNA policies require multiple security conditions to be met before granting access?

Yes, ZTNA policies can be configured to require multiple tags simultaneously. The demo shows a policy requiring both a high ZTS score tag and an endpoint compliance tag for access to FortiAnalyzer, while a separate deny policy blocks access if either a critical vulnerability or low ZTS score tag is present.


Categories:
  • » Webinar Library » Fortinet
  • » Cybersecurity » Zero Trust
  • » Cybersecurity » Endpoint Security
  • » Data Protection
Channels:
News:
Events:
Tags:
  • Zero Trust
  • Endpoint Management
  • SASE
  • SSE
  • Demo
  • Technical Deep Dive
  • Zero Trust Network Access
  • CrowdStrike Falcon Integration
  • Endpoint Security Posture
  • Adaptive Access Control
  • FortiClient EMS
  • FortiGate ZTNA
  • Security Policy Enforcement
  • Hybrid Work Security
Show more Show less

Browse videos

  • Related
  • Featured
  • By date
  • Most viewed
  • Top rated
  •  

              Video's comments: Fortinet ZTNA Integration with CrowdStrike Zero Trust Scores

              Upcoming Webinar Calendar

              • 07/09/2026
                01:00 PM
                07/09/2026
                The HUMAN Experience: Empowering Agentic Trust in Practice
                https://www.truthinit.com/index.php/channel/2026/the-human-experience-empowering-agentic-trust-in-practice/
              • 07/14/2026
                01:00 PM
                07/14/2026
                Crafting a Championship-Level Security Team for Unmatched Defense Success
                https://www.truthinit.com/index.php/channel/2025/crafting-a-championship-level-security-team-for-unmatched-defense-success/
              • 07/14/2026
                02:00 PM
                07/14/2026
                Understanding the Crucial Role of Context in AI Data
                https://www.truthinit.com/index.php/channel/2037/understanding-the-crucial-role-of-context-in-ai-data/
              • 07/21/2026
                04:00 AM
                07/21/2026
                Strategies for Managing AI Governance and Securing App-to-LLM API Traffic
                https://www.truthinit.com/index.php/channel/1967/strategies-for-managing-ai-governance-and-securing-app-to-llm-api-traffic/
              • 07/21/2026
                01:00 PM
                07/21/2026
                HUMAN Dialogue: Insights from Attackers During the FIFA World Cup
                https://www.truthinit.com/index.php/channel/2029/human-dialogue-insights-from-attackers-during-the-fifa-world-cup/
              • 07/22/2026
                06:30 AM
                07/22/2026
                Insights and Innovations in Data Privacy and Digital Protection
                https://www.truthinit.com/index.php/channel/2000/insights-and-innovations-in-data-privacy-and-digital-protection/
              • 07/28/2026
                01:00 PM
                07/28/2026
                Illumio + Netskope: Zero Trust in the Age of AI Autonomy
                https://www.truthinit.com/index.php/channel/2031/illumio-netskope-zero-trust-in-the-age-of-ai-autonomy/
              • 07/29/2026
                04:00 AM
                07/29/2026
                Real-Time Strategies for Safeguarding Against Prompt Injections
                https://www.truthinit.com/index.php/channel/1968/real-time-strategies-for-safeguarding-against-prompt-injections/
              • 07/29/2026
                12:00 PM
                07/29/2026
                Unified Data Security in Action: Uncover, Analyze, and Resolve Threats
                https://www.truthinit.com/index.php/channel/2045/unified-data-security-in-action-uncover-analyze-and-resolve-threats/
              • 07/29/2026
                01:00 PM
                07/29/2026
                Ask Your Cloud Anything: Unlocking Governance Silos in your Environments
                https://www.truthinit.com/index.php/channel/2048/ask-your-cloud-anything-unlocking-governance-silos-in-your-environments/
              • 08/19/2026
                12:00 PM
                08/19/2026
                Becoming Agent Ready: Insights from Cyera's Expertise
                https://www.truthinit.com/index.php/channel/2036/becoming-agent-ready-insights-from-cyeras-expertise/
              • 09/30/2026
                04:00 AM
                09/30/2026
                AI Command Center: Optimizing Visibility and Control in Your Operations
                https://www.truthinit.com/index.php/channel/2024/ai-command-center-optimizing-visibility-and-control-in-your-operations/

              Upcoming Events

              • Jul
                09

                The HUMAN Experience: Empowering Agentic Trust in Practice

                07/09/202601:00 PM ET
                • Jul
                  14

                  Crafting a Championship-Level Security Team for Unmatched Defense Success

                  07/14/202601:00 PM ET
                  • Jul
                    14

                    Understanding the Crucial Role of Context in AI Data

                    07/14/202602:00 PM ET
                    • Jul
                      21

                      Strategies for Managing AI Governance and Securing App-to-LLM API Traffic

                      07/21/202604:00 AM ET
                      • Jul
                        21

                        HUMAN Dialogue: Insights from Attackers During the FIFA World Cup

                        07/21/202601:00 PM ET
                        More events
                        Truth in IT
                        • Sponsor
                        • About Us
                        • Terms of Service
                        • Privacy Policy
                        • Contact Us
                        • Preference Management
                        Desktop version
                        Standard version