Technical Tip: Deleting Leftover ZTNA Tags on EMS Server

fatihseyligli · ‎08-26-2024

Description

This article describes a step-by-step guide on how to delete leftover ZTNA tags on the EMS server by removing the EMS fabric connector from FortiGate.

Scope

FortiClient EMS + EMS Cloud.

Solution

Pre-Requisites:

Admin access to the EMS server.
Admin access to the FortiGate appliance.

Troubleshooting:

Before proceeding with any commands, ensure that the EMS Fabric connector is removed from FortiGate. This can be done within the FortiGate's interface.

Access the FortiGate appliance via CLI (Command Line Interface).
Run the following commands to initiate debugging for the application 'fcnacd'.

diagnose debug application fcnacd -1
diagnose debug enable

Navigate to the EMS interface.
Go to Administration -> Fabric Devices pane.
Remove the FortiGate device that is authorized by EMS.
Switch back to the FortiGate CLI.
Run the following commands to update the application:

diagnose debug enable
diagnose debug application update -1
execute update-now

To stop debugging:

diagnose debug disable

diagnose debug reset

After executing the above commands, go back to FortiGate and re-add the EMS fabric connector.

Verify that the connection is established successfully and that the leftover ZTNA tags have been cleared.

If the ZTNA tags are not deleted after following these steps, consider reviewing the FortiGate debug logs for any errors.

Ensure that the correct FortiGate instance is being targeted, especially if managing multiple FortiGate devices.

Technical Tip: Deleting Leftover ZTNA Tags on EMS Server

You are leaving our website