Created on 07-18-2023 09:26 PM
Edited on 07-14-2025 01:24 PM
By aguevara16
Description
This article describes how to delete ZTNA tags on FortiGate.
Scope
FortiGate, EMS v7.0+, v7.2+, 7.4+, 7.6+
Solution
FortiGate offers two approaches to deleting ZTNA tags, but the options on the graphical user interface (GUI) are currently degraded while deleting the tags as shown below:
Method 1: Run the following command on FortiGate and remove the tags with the available options.
FGT1-A (global) # diagnose endpoint tags remove-by-
Method 2: Log in to EMS, select 'Zero Trust Tags', and select 'Zero Trust Tagging'.
First, delete the tagging rule, and then delete the tag from EMS.
In the example below, the ZTNA Tag named 'Vulnerable_Devices' will be deleted.
This triggers an API call (notification object-id 12) to FortiGate, which marks the tag 'dirty'. If the tag is not referenced anywhere, it will be deleted.
However, if there is no connectivity for the EMS connector, then it will not process that API call.
Additionally, if the EMS connector has been moved to an ID other than the one referenced in the ZTNA tag, it may cause 'orphan' tags.
Re-enabling the EMS Fabric Connector in FortiGate with the same ID as the orphan ZTNA Tag will trigger a sync from EMS to FortiGate, which should remove any stale entries for Tags that have been removed in EMS and are not referenced in FortiGate.