Technical Tip: Using ZTNA error code messages to diagnose ZTNA connection failures
| Description | This article describes how to diagnose ZTNA error messages produced by FortiClient upon ZTNA connection failure. |
| Scope | FortiClient. FortiGate. ZTNA. |
| Solution | Whenever ZTNA connection fails, FortiClient presents a browser message that may look similar to the one below.
This HTML page is derived from FortiGate's ZTNA response and represents an underlying root case of the connection failure.
However, the reason for failure may not be apparent even with a relatively descriptive HTML error page. Fortinet has created a dedicated ZTNA error code reference document that expands on the information provided on the HTML error page on FortiClient.
For example, even though seemingly quite extensive, the above error code message may not help in understanding what is the exact cause of ZTNA connection failure. Knowing precisely what the error code 024 describes would be much more helpful. In this particular case, the 024 error code translates to the inability of FortiGate to reach the internal server (Real Server). Knowing that immediately sets further direction of troubleshooting, making it much more effective.
FortiGate official documentation offers a few examples of how to troubleshoot ZTNA connection failures based on the error code - ZTNA troubleshooting with error messages | FortiGate / FortiOS 7.6.6 | Fortinet Document Library.
Refer to the following documents for references to ZTNA error code messages: |