Configuring ZTNA Gateway Options
================================

.. note:: This section assumes you have already installed a ZTNA Gateway.  For ZTNA Gateway installation instructions refer to the link below.

See :doc:`/install/installing-ztna-gateway`

Enable ZTNA Client Option
-------------------------

See :ref:`enable-ztna-client-in-cloud-site`

ZTNA Client Split Tunneling Option
''''''''''''''''''''''''''''''''''
The network address entered into the Access Network text box (ex 192.168.100.0/24) will be routed through
the ZTNA Gateway while all other traffic will be routed out the local default gateway. 

Default setting: If nothing is entered, then all traffic (0.0.0.0/0) will be routed through the ZTNA Gateway.  

ZTNA Client Isolation Option
''''''''''''''''''''''''''''
When enabled, connected ZTNA clients with different IP addresses or different usernames will not be able to communicate.
ZTNA clients with different IP addresses but the same username will be able to communicate.

Default setting: Off.  All ZTNA connected clients can communicate with each other.

Enable ZTNA Netflow Agent Option
--------------------------------

See :doc:`/monitoring/network-traffic`

Enable Cloud Collector Option
-----------------------------

Ensure steps 10 and 11 in the link below have been completed for the appropriate Hub site.

See :ref:`create-cloud-site`

Enable Multi-Factor (MFA, 2FA, 2-step) Authentication for ZTNA Connection Manager
---------------------------------------------------------------------------------

To enable MFA for clients connecting through the ZTNA Gateway, refer to the link below.

See :doc:`/authentication/enabling-authentication/mfagateway`