I want to provide Active directory acces through ZTNA gateway.

Hi Sven,

Currently, a port range cannot be defined while configuring a resource on ZTNA gateway. You can add multiple ports, but cannot define a range. Regarding the second point, could you please provide more info about what you are trying to do?

Hi Tejas,

My second point is about asking if it's possible to connect an OnPremise AD for an remote domain computer about ZTNA agent.

If possible, this would mean to use just "internaldomain.local" as "internal FQDN" to connect to any DC which is answering, to not rely to just one DC. And next question would be what to use as "External FQDN" so the local Windows client know how to reach AD through ZTNA.

I suspect it's not possible, as it's expected to use Azure AD. Right?

Best,

Sven

You should consider to move to Azure AD for your internal domain.

There are certain benefits in doing so. ZTNA will not replace your VPN, if you still stick on the entire AD on Premise Stack. 

If I understand it correctly, the resources page that you are referring to, is for configuring the resources or applications that have to be accessed through the ZTNA gateway and not for the AD configuration. Having Azure AD is a pre-requisite for authentication and this configuration has to be done on the Identity Providers page. Hope this helps. 

I am also looking for a VPN replacement and was hoping to use ZTNA to redirect AD traffic for domain.local through the ZTNA gateway to the on-prem AD server. Is this possible?

My other option is just to deploy Windows Always-On VPN.

That is actually not the use case of a ZTNA Product. ZTNA would likely have a Azure AD in place. Azure AD has it own mechanism to sync data to a client. 
A ZTNA product is to keep the rest connected.