Troubleshooting Tip: EMS troubleshooting if websocket is disconnected in FortiGate

If the EMS WebSocket appears disconnected on the FortiGate, the following steps should be taken to verify and resolve the issue.

To check the WebSocket status, run the following CLI command on the FortiGate:

diag test app fcnacd 2

The output will be as follows:

To change the WebSocket status:

1. Ensure the websocket-override for EMS is set to disable:

config endpoint-control fctems     edit <ems-id>         show # To see the details of the EMS         set websocket-override disable     next end

If the websocket-override is enabled, any changes made later on will not change the status of the Websocket.

2. Check the EMS Server:

1. In the EMS Console -> System Settings -> EMS Settings, check the FortiOS Connector Port. By default, the value should be '8015'.

2. In the EMS server, open a command prompt and find the services related to the port number using the following CLI command:

netstat -ano | findstr "8015"

3. After obtaining the PID, open Task Manager, go to the Details tab, and locate the service associated with the PID. This service should correspond to FOS_Server.exe, which is responsible for managing the server connection between EMS and FortiOS. Please ensure that its status is Running.

4. If FOS_Server.exe is not running, navigate to 'C:\Program Files (x86)\Fortinet\FortiClientEMS' and run the file from there.

    

    

One of the consequences of a disconnected WebSocket connection is a delay in updating EMS ZTNA Tags on the FortiGate.