
nse8_812 Exam - Question 32


A remote worker requests access to an SSH server inside the network. You deployed a ZTNA Rule to their FortiClient. You need to follow the security requirements to inspect this traffic.

Which two statements are true regarding the requirements? (Choose two.)

Correct Answer: ABC

To inspect SSH traffic for a remote worker, FortiGate can indeed perform SSH access proxy host-key validation. This ensures that the SSH connections are legitimate and secure. Additionally, configuring a FortiClient SSL-VPN tunnel is necessary to inspect the SSH traffic as it encapsulates the traffic for inspection purposes. ZTNA rules support SSH connections through these configurations, making both A and B the correct requirements.

Discussion

2 comments
Viewable8041 (Options: AC)
Sep 5, 2023

Correct https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/29927/ztna-ssh-access-proxy-example

ac89l
Jan 23, 2024

Are you sure about C, because in the same link it says: "When Encryption is disabled, the connection between the client and FortiGate access proxy is not encapsulated in HTTPS after the client and FortiGate connection is established. This allows for less overhead, because SSH is already a secure connection." Does this eliminate C?

node345 (Options: AC)
Feb 29, 2024

C is tricky but still correct because it says "tunneled" and not encrypted. The SSH traffic is tunneled over TCP443, but not encrypted.