This issue is reported when the ZTNA web portal is configured for the RDP web bookmark.
An example ZTNA web portal configuration is shown below:
config firewall vip
    edit "Agentless_ZTNA"
        set uuid 4f8be974-8405-51f0-6189-2ca7d19e63a9
        set type access-proxy
        set server-type https
        set extip 10.10.10.10
        set extintf "port2"
        set client-cert disable
        set extport 20443
        set ssl-certificate "Fortinet_Factory"
    next
end

config firewall access-proxy-virtual-host
    edit "ztna-web-portal-fqdn"
        set ssl-certificate "Fortinet_Factory"
        set host "1.1.1.1"
        set client-cert disable
    next
end

config authentication scheme
    edit "local_auth_scheme"
        set method basic
        set user-database "local-user-db"
    next
end

config authentication rule
    edit "ZTNA_Portal"
        set protocol ztna-portal
        set active-auth-method "local_auth_scheme"
    next
end

config ztna web-portal
    edit "ZTNA_Web_Portal"
        set vip "Agentless_ZTNA"
        set host "ztna-web-portal-fqdn"
        set auth-rule "ZTNA_Portal"
    next
end

config ztna web-portal-bookmark
    edit "Bookmarks"
        set groups "local-group"
        config bookmarks
            edit "rdp_dc"
                set apptype rdp
                set host "172.16.20.1"
                set port 3389
                set width 800
                set height 600
            next
            edit "TEST"
                set url "http://test.test"
            next
        end
    next
end

config firewall proxy-policy
    edit 2
        set name "ZTNA_Agentless_Webportal"
        set proxy ztna-proxy
        set ztna-proxy "ZTNA_Web_Portal"
        set srcintf "port2"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set logtraffic all
    next
end
The ZTNA web portal itself works fine, but when the user tries to connect, the browser shows a 'Site cannot be reached' error.
Enable WAD debugging for the destination server. The WAD debug shows that traffic is hitting policy 1, along with the errors below.
The commands to enable WAD debug are shown below:
diagnose debug console timestamp enable
diagnose wad debug display pid enable
diagnose wad debug enable category all
diagnose wad debug enable level verbose
diagnose wad filter dst x.x.x.x
diagnose wad filter list
diagnose wad debug show
diagnose debug info
Debug output:
WAD unix stream client failed to connect server at @/wad_debug_ctrl : Connection refused
WAD unix stream fd=20 scheduler error
WAD unix stream client failed to connect server at @/wad_debug_ctrl : Connection refused
- Every time the user clicks the RDP bookmark, the WAD daemon crashes.
An example of the crash log is shown below:
diagnose debug crashlog read
12469: 2025-08-31 17:33:20 <32382> firmware FortiGate-VM64 v7.6.4,build3596b3596,250820 (GA.F) (Release)
12470: 2025-08-31 17:33:20 <32382> application wad
12471: 2025-08-31 17:33:20 <32382> *** signal 11 (Segmentation fault) received ***
12472: 2025-08-31 17:33:20 <32382> AVDB 93.05762(08/31/0025 06:31)
12473: 2025-08-31 17:33:20 <32382> ETDB 93.05762(08/31/0025 06:31)
12474: 2025-08-31 17:33:20 <32382> EXDB 93.05717(08/29/0025 09:26)
12475: 2025-08-31 17:33:20 <32382> AVSO 04000000AVEN00701-00007.00046-2508150126
12476: 2025-08-31 17:33:20 <32382> Register dump:
12477: 2025-08-31 17:33:20 <32382> RAX: 0000000000000020 RBX: 00007f2638a70438
12478: 2025-08-31 17:33:20 <32382> RCX: 0000000000000000 RDX: 00007f2638a70520
12479: 2025-08-31 17:33:20 <32382> R08: 00007f263be08000 R09: 0000000000000015
12480: 2025-08-31 17:33:20 <32382> R10: 0000000000000011 R11: 00007f263c0000c0
12481: 2025-08-31 17:33:20 <32382> R12: 0000556e8875fde0 R13: 0000556e887602f0
12482: 2025-08-31 17:33:20 <32382> R14: 00007f26371f1548 R15: 0000556e88760220
12483: 2025-08-31 17:33:20 <32382> RSI: 00007f26371c6e01 RDI: 00007f2638a705c0
12484: 2025-08-31 17:33:20 <32382> RBP: 00007ffeb31893c0 RSP: 00007ffeb31893a0
12485: 2025-08-31 17:33:20 <32382> RIP: 0000556e824b0b54 EFLAGS: 0000000000010202
12486: 2025-08-31 17:33:20 <32382> CS: 0033 FS: 0000 GS: 0000
12487: 2025-08-31 17:33:20 <32382> Trap: 000000000000000e Error: 0000000000000004
12488: 2025-08-31 17:33:20 <32382> OldMask: 0000000000000000
12489: 2025-08-31 17:33:20 <32382> CR2: 0000000000000008
12490: 2025-08-31 17:33:20 <32382> stack: 0x7ffeb31893a0 - 0x7ffeb3189ef0
12491: 2025-08-31 17:33:20 <32382> Backtrace:
12492: 2025-08-31 17:33:20 <32382> [0x556e824b0b54] => /bin/wad {0x556e7f685000}
12493: 2025-08-31 17:33:20 <32382> [0x556e824b09e0] => /bin/wad {0x556e7f685000}
12494: 2025-08-31 17:33:20 <32382> [0x556e824b0197] => /bin/wad {0x556e7f685000}
12495: 2025-08-31 17:33:20 <32382> [0x556e81d14292] => /bin/wad {0x556e7f685000}
12496: 2025-08-31 17:33:20 <32382> [0x556e820c42a8] => /bin/wad {0x556e7f685000}
12497: 2025-08-31 17:33:20 <32382> [0x556e820c7446] => /bin/wad {0x556e7f685000}
12498: 2025-08-31 17:33:20 <32382> [0x556e820c5a3c] => /bin/wad {0x556e7f685000}
12499: 2025-08-31 17:33:20 <32382> [0x556e82927b9f] => /bin/wad {0x556e7f685000}
12500: 2025-08-31 17:33:20 <32382> [0x556e8219383a] => /bin/wad {0x556e7f685000}
12501: 2025-08-31 17:33:20 <32382> [0x556e821701e9] => /bin/wad {0x556e7f685000}
12502: 2025-08-31 17:33:20 <32382> [0x556e821a4e50] => /bin/wad {0x556e7f685000}
12503: 2025-08-31 17:33:20 <32382> [0x556e82170d0a] => /bin/wad {0x556e7f685000}
12504: 2025-08-31 17:33:20 <32382> [0x556e82169107] => /bin/wad {0x556e7f685000}
12505: 2025-08-31 17:33:20 <32382> [0x556e821691c2] => /bin/wad {0x556e7f685000}
12506: 2025-08-31 17:33:20 <32382> [0x556e81d0a848] => /bin/wad {0x556e7f685000}
12507: 2025-08-31 17:33:20 <32382> [0x556e8272396e] => /bin/wad {0x556e7f685000}
12508: 2025-08-31 17:33:20 <32382> [0x556e8261057d] => /bin/wad {0x556e7f685000}
12509: 2025-08-31 17:33:20 <32382> [0x556e82772cb7] => /bin/wad {0x556e7f685000}
12510: 2025-08-31 17:33:20 <32382> [0x556e7f9d887d] => /bin/wad {0x556e7f685000}
12511: 2025-08-31 17:33:20 <32382> [0x556e7f9e0961] => /bin/wad {0x556e7f685000}
12512: 2025-08-31 17:33:20 <32382> [0x7f263f4cde1b] => /lib/libc.so.6 {0x7f263f4aa000}
12513: 2025-08-31 17:33:20 <32382> [0x556e7f9d7daa] => /bin/wad {0x556e7f685000}
12514: 2025-08-31 17:33:20 <32382> fortidev 6.0.2.0008
12515: 2025-08-31 17:33:20 <32382> process=wad type=2 idx=0 av-scanning=no total=3947 free=1031
12516: 2025-08-31 17:33:20 mmu=4250671 mu=3858024 m=142927 f=106941 r=0
12517: 2025-08-31 17:33:20 <32382> cur_bank=(nil) curl_tl=0x556e87932810 curl_tm=0x7f2638b42c68
12518: 2025-08-31 17:33:20 <32382> (session info)
12519: 2025-08-31 17:33:20 [AV Engine <32382>] AV Engine version: 7.0.46
12520: 2025-08-31 17:33:20 [AV Engine <32382>] Last file info:
12521: 2025-08-31 17:33:20 [AV Engine <32382>] filename: , filesize: 0, filebuffer: (nil)
12522: 2025-08-31 17:33:20 [AV Engine <32382>] Native script imagebase: 0x7f263704c000
12523: 2025-08-31 17:33:20 [AV Engine <32382>] Native script imagesize: 0xb000
12524: 2025-08-31 17:33:20 [AV Engine <32382>] AV Engine imagebase: 0x7f263809f000
Crash log interval is 3600 seconds
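To check a saved crash log for this signature, the following added example (not Fortinet code) groups `diagnose debug crashlog read` lines by time and pid and reports WAD segmentation faults on the affected firmware. The sample log is constructed, and the function names are assumptions of this example.

```python
import re

# Constructed sample in the `diagnose debug crashlog read` format: header lines
# of three crash records (pids, times and the "otherd" process are made up).
SAMPLE = """\
201: 2025-01-01 10:00:00 <111> firmware FortiGate-VM64 v7.6.4,build3596b3596,250820 (GA.F) (Release)
202: 2025-01-01 10:00:00 <111> application wad
203: 2025-01-01 10:00:00 <111> *** signal 11 (Segmentation fault) received ***
204: 2025-01-01 10:00:00 <111> Backtrace:
205: 2025-01-01 10:00:07 <222> firmware FortiGate-VM64 v7.6.4,build3596b3596,250820 (GA.F) (Release)
206: 2025-01-01 10:00:07 <222> application wad
207: 2025-01-01 10:00:07 <222> *** signal 11 (Segmentation fault) received ***
208: 2025-01-01 10:05:00 <333> firmware FortiGate-VM64 v7.6.4,build3596b3596,250820 (GA.F) (Release)
209: 2025-01-01 10:05:00 <333> application otherd
210: 2025-01-01 10:05:00 <333> *** signal 6 (Aborted) received ***
Crash log interval is 3600 seconds
"""

LINE = re.compile(r"^\s*\d+: (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) <(\d+)> (.*)$")
FIRMWARE = re.compile(r"^firmware \S+ (v[\d.]+),build")
SIGNAL = re.compile(r"^\*\*\* signal (\d+) \(")

def parse_crashes(text):
    """Group crashlog lines by (time, pid) and pull out the header fields."""
    records = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # trailer lines and lines without a <pid> tag
        ts, pid, body = m.groups()
        rec = records.setdefault((ts, pid), {"time": ts, "pid": int(pid)})
        if (fw := FIRMWARE.match(body)):
            rec["firmware"] = fw.group(1)
        elif body.startswith("application "):
            rec["application"] = body.split(" ", 1)[1].strip()
        elif (sig := SIGNAL.match(body)):
            rec["signal"] = int(sig.group(1))
    return list(records.values())

def wad_segfaults(text, firmware="v7.6.4"):
    """Crash records that match this article: wad, signal 11, given firmware."""
    return [r for r in parse_crashes(text)
            if r.get("application") == "wad" and r.get("signal") == 11
            and r.get("firmware") == firmware]

if __name__ == "__main__":
    for r in wad_segfaults(SAMPLE):
        print(r["time"], "wad pid", r["pid"], "segfault on", r["firmware"])
```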
This is a known issue in version 7.6.4, and it is fixed in version 7.6.5.
As a workaround, apply the 'send-preconnection-id' and 'preconnection-blob' commands in the web-portal-bookmark configuration.
An example is shown below:
config ztna web-portal-bookmark
    edit "Bookmarks"
        config bookmarks
            edit "rdp_dc"
                set send-preconnection-id enable
                set preconnection-blob "conn"
            next
        end
    next
end
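To find which RDP bookmarks still need the workaround, the following added example (not Fortinet code) walks the nested `config`/`edit` blocks of a saved configuration and lists RDP bookmarks that lack either setting. The sample is constructed, and it assumes unset options are simply absent from the backup.

```python
import shlex

# Constructed backup excerpt: "rdp_dc" and "TEST" follow the article's example,
# "rdp_fixed" is a made-up entry that already carries the workaround.
SAMPLE = '''
config ztna web-portal-bookmark
    edit "Bookmarks"
        config bookmarks
            edit "rdp_dc"
                set apptype rdp
                set host "172.16.20.1"
            next
            edit "rdp_fixed"
                set apptype rdp
                set send-preconnection-id enable
                set preconnection-blob "conn"
            next
            edit "TEST"
                set url "http://test.test"
            next
        end
    next
end
'''

def rdp_bookmarks_missing_workaround(config_text):
    """Return (bookmark table, bookmark) pairs for RDP bookmarks without the workaround."""
    path, entries = [], {}  # path holds the names of the open config/edit blocks
    for raw in config_text.splitlines():
        try:
            tok = shlex.split(raw)
        except ValueError:          # unbalanced quote: fall back to whitespace
            tok = raw.split()
        if not tok:
            continue
        if tok[0] == "config":
            path.append(" ".join(tok[1:]))
        elif tok[0] == "edit" and len(tok) > 1:
            path.append(tok[1])
        elif tok[0] in ("next", "end") and path:
            path.pop()
        elif (tok[0] == "set" and len(tok) >= 3 and len(path) == 4
              and path[0] == "ztna web-portal-bookmark" and path[2] == "bookmarks"):
            entries.setdefault((path[1], path[3]), {})[tok[1]] = tok[2]
    return [key for key, s in entries.items()
            if s.get("apptype") == "rdp"
            and not (s.get("send-preconnection-id") == "enable"
                     and s.get("preconnection-blob"))]

print(rdp_bookmarks_missing_workaround(SAMPLE))
```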