scve_vlehemonet
Visitor III
April 29, 2025
Solved

FortiClient EMS - ZTNA gateway not showing when I add an application


Hello,

I'm running FortiClient EMS 7.4.3 with a FG-120G on version 7.4.7.

I've configured some ZTNA access on the FortiGate, and it works like a charm.

Now, I'm trying to push the ZTNA connection through EMS. The great thing is, my ZTNA applications are automatically detected since my FortiGate and EMS are connected via a connector.

My problem is: when I try to create an application, I can't see those gateways.

And of course, if I try to create a new gateway with the same IP, I can't.

In the ZTNA destination profile, I see both of my auto-detected applications, but they're not being pushed to the EMS client.

So, I'm a little lost here — the "Web Proxy Rules" are not being pushed to the client, and I can't create a rule because I can't create an application, since I don't see the gateway.

I was able to create an application with a fake gateway, download the XML, modify the gateway, and re-upload it. But I'm pretty sure it shouldn't be that complicated.

If anyone can help me with this, it would be appreciated.

Thanks,



AEK
SuperUser
April 30, 2025

Hello

Didn't test it but I guess auto-detected gateways/applications can't be changed from EMS, but only from FG.

Instead of adding the application from EMS, you should simply add it from your FG and it will be synchronized automatically.

AEK
scve_vlehemonet
Author, Answer
Visitor III
May 1, 2025

I finally found my mistake: my ZTNA destination in my FG was defined as HTTPS (reverse proxy) and not as TCP Forwarding, so of course it was not available in the ZTNA application. It works perfectly through the EMS now.