FortiGate
sahmed_FTNT
Staff & Editor
Article Id 405071
Description This article describes an issue where the ZTNA destination is not available for some users.
Scope FortiClient EMS 7.4.x, FCT 7.4.x.
Solution

If some users cannot access the ZTNA destination server while other groups and tags work fine, run the following WAD debug:

 

diagnose debug console timestamp enable
diagnose wad debug enable category all
diagnose wad debug enable level verbose
diagnose wad filter src x.x.x.x   -> x.x.x.x is the src IP
diagnose debug enable

 

[V]2024-08-14 07:48:24.114724 [p:426][s:192939833] wad_vs_proxy_match_vhost :4440 6:xxx-Fx.8: no host matched <----- Error observed.
[I]2024-08-14 07:48:24.114729 [p:426][s:192939833] wad_elliptic_curve :3276 found elliptic curve 25

 

To stop debugging: 

 

diagnose debug disable
diagnose debug reset 
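
When the debug is captured to a file, the sessions that hit the "no host matched" error can be pulled out per session ID. The following is an added example, not part of the original article or of any Fortinet tooling; the line layout is inferred from the two sample lines above, and the function names and extra sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Layout inferred from the two sample lines in this article (an assumption):
# [LEVEL]YYYY-MM-DD HH:MM:SS.ffffff [p:PID][s:SESSION] function :line message
WAD_LINE = re.compile(
    r"^\[(?P<level>[A-Z])\]"
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) "
    r"\[p:(?P<pid>\d+)\]\[s:(?P<session>\d+)\] "
    r"(?P<func>\w+)\s*:(?P<line>\d+) (?P<msg>.*)$"
)


def parse_wad_line(line):
    """Return the fields of one WAD debug line as a dict, or None if it does not match."""
    m = WAD_LINE.match(line.strip())
    return m.groupdict() if m else None


def sessions_without_vhost(lines):
    """Map session id -> [(timestamp, message)] for 'no host matched' events."""
    hits = defaultdict(list)
    for raw in lines:
        rec = parse_wad_line(raw)
        if (rec and rec["func"] == "wad_vs_proxy_match_vhost"
                and "no host matched" in rec["msg"]):
            hits[rec["session"]].append((rec["ts"], rec["msg"]))
    return dict(hits)


# Constructed sample: the first two lines follow the article's output,
# the third line and the stray CLI echo are made up for the example.
SAMPLE = """\
[V]2024-08-14 07:48:24.114724 [p:426][s:192939833] wad_vs_proxy_match_vhost :4440 6:xxx-Fx.8: no host matched
[I]2024-08-14 07:48:24.114729 [p:426][s:192939833] wad_elliptic_curve :3276 found elliptic curve 25
[I]2024-08-14 07:48:25.000100 [p:426][s:192939900] wad_elliptic_curve :3276 found elliptic curve 25
diagnose debug enable
""".splitlines()

if __name__ == "__main__":
    for session, events in sessions_without_vhost(SAMPLE).items():
        for ts, msg in events:
            print(f"session {session} at {ts}: {msg}")
```
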

 

Verify the following settings on the FortiGate side:

 

  •  ZTNA policy on the firewall has the correct TAG.

 

Verify the following settings on the FortiClient EMS side: