Troubleshooting Tip: ZTNA destination Inaccessible for some users

If some of the users are not able to access the ZTNA destination server while other groups and tags are working fine, run the following WAD debug:

diagnose debug console timestamp enable 

diagnose wad debug enable category all 

diagnose wad debug enable level verbose  

diagnose wad filter src x.x.x.x   -> x.x.x.x is the src IP

diagnose debug enable

V]2024-08-14 07:48:24.114724 [p:426][s:192939833] wad_vs_proxy_match_vhost :4440 6:xxx-Fx.8: no host matched.  <----- Error observed.
[I]2024-08-14 07:48:24.114729 [p:426][s:192939833] wad_elliptic_curve :3276 found elliptic curve 25

To stop debugging: 

diagnose debug disable

diagnose debug reset 

Verify the following settings on the FortiGate side:

•  ZTNA policy on the firewall has the correct TAG.

Verify the following settings on the FortiClient EMS side:

• Technical Tip: Synchronizing FortiClient EMS tags and configurations.