FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes and shows the troubleshooting step if the ZTNA TAG does not resolve in the FortiGate from the FortiEMS.
Scope
FortiGate, FortiEMS.
Solution
If it has been found that the ZTNA tags are not resolving in FortiGate the first step is to verify the connection with EMS and check with the EMS debug. The following article shows the troubleshooting steps to check and verify the connection with EMS with debug commands: Troubleshooting Tip: Troubleshooting FortiGate with EMS
After running the 'diagnose debug application fcnacd -1' debug the report may show the following result.
2025-01-02 10:04:20 [_update_obj_stats:336] Storing (9, default.forti-ems.moto-profil.pl, 17) 2025-01-02 10:04:20 [ec_ez_worker_process:426] Call completed with failure. obj-id: 9, desc: "REST API to get updates about vulnerabilities.", entry: "api/v1/report/fct/vuln". error info: Error (-1@ec_ems_rest_api_preprocess_result:67). Error: http code 500. (fcems_report_preprocess,307)Issue in pre-processing the result (_vuln_report_pr ocess_result,773)
If the HTTP error code 500 appears it means when FortiGate submits the API calls from FortiOS to EMS the call is completed with the mentioned error code and the API calls failed. This means the server cannot fulfill the API request initiated by FortiGate.
The primary step is to reboot the EMS console and if the reboot does not resolve the issue it is requested to open a ticket to the TAC with the FortiClient EMS serial number.
