FortiClient
fatihseyligli
Article Id 336352
Description This article describes how to delete leftover ZTNA tags on the EMS server, step by step, by removing the EMS fabric connector from FortiGate.
Scope FortiClient EMS + EMS Cloud.
Solution

Pre-Requisites:

  • Admin access to the EMS server.
  • Admin access to the FortiGate appliance.

Troubleshooting:

Before proceeding with any commands, ensure that the EMS Fabric connector is removed from FortiGate. This can be done within the FortiGate's interface.

  • Access the FortiGate appliance via CLI (Command Line Interface).
  • Run the following commands to initiate debugging for the application 'fcnacd':

diagnose debug application fcnacd -1
diagnose debug enable

  • Navigate to the EMS interface.
  • Go to Administration -> Fabric Devices pane.
  • Remove the FortiGate device that is authorized by EMS.
  • Switch back to the FortiGate CLI.
  • Run the following commands to update the application:

diagnose debug enable
diagnose debug application update -1
execute update-now

After executing the above commands, go back to FortiGate and re-add the EMS fabric connector.

Verify that the connection is established successfully and that the leftover ZTNA tags have been cleared.

If the ZTNA tags are not deleted after following these steps, consider reviewing the FortiGate debug logs for any errors.

Ensure that the correct FortiGate instance is being targeted, especially if managing multiple FortiGate devices.