Dear Support Team,
I hope this message finds you well.
I am a Java developer working remotely and have recently encountered connectivity issues with our internal servers following the implementation of the Zero Trust Network Access (ZTNA) policy. Previously, I was able to connect to our servers using a VPN without any problems. However, since the transition to ZTNA, I am consistently facing connection timeout errors.
Hello,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello MayurAtTTI,
Is the ZTNA configuration an HTTP access proxy or a TCP forwarding proxy?
To investigate the issue, you can enable the following debugs in the FGT CLI:
dia de reset
diagnose wad debug enable category all
diagnose wad debug enable level verbose
diagnose debug enable
Recreate the issue and after finishing enter the following to display ZTNA logs:
execute log filter category 0
execute log filter field subtype ztna
execute log display
This will give you an idea if there are device posture changes that would result in policy violations.
Log & Report > ZTNA Traffic should also provide you information about this.
Alternatively you can try to customize session ttl.
This can be used if stale TCP sessions need to be timed out faster, or should stay alive longer as certain software might need a longer session-ttl to keep functioning.
Regards
Created on ‎06-26-2024 09:59 PM Edited on ‎06-26-2024 10:05 PM
We are using a TCP forwarding proxy.
I am using the method below to send requests to the internal server from my local system connected with ZTNA.