Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
scve_vlehemonet
New Contributor

Forticlient EMS - ZTNA gateway not showing when I add an application

Hello,

 

I'm running FortiClient EMS 7.4.3 with a FG-120G on version 7.4.7.

 

I've configured some ZTNA access on the FortiGate, and it works like a charm.

 

Now, I'm trying to push the ZTNA connection through EMS. The great thing is, my ZTNA applications are automatically detected since my FortiGate and EMS are connected via a connector.

 

Screenshot 2025-04-29 175438.png

My problem is: when I try to create an application, I can't see those gateways.

 

Screenshot 2025-04-29 175509.png

And of course, if I try to create a new gateway with the same IP, I can't.

 

Screenshot 2025-04-29 175541.png

 

In the ZTNA destination profile, I see both of my auto-detected applications, but they're not being pushed to the EMS client.

 

Screenshot 2025-04-29 180317.png

So, I'm a little lost here — the "Web Proxy Rules" are not being pushed to the client, and I can't create a rule because I can't create an application, since I don't see the gateway.

 

I was able to create an application with a fake gateway, download the XML, modify the gateway, and re-upload it. But I'm pretty sure it shouldn't be that complicated.

 

If anyone can help me with this, it would be appreciated.

 

Thanks,

 

1 Solution
scve_vlehemonet

I finally found my mistake, my ZTNA destination in my FG was defined as HTTPS (reverse Proxy) and not as TCP Forwarding so of course it was not available in the ZTNA application. It works perfectly through the EMS now.

View solution in original post

2 REPLIES 2
AEK
SuperUser
SuperUser

Hello

Didn't test it but I guess auto-detected gateways/applications can't be changed from EMS, but only from FG.

Unstead of adding application from EMS, you should simply add it from your FG and it will be synchronized automatically.

AEK
AEK
scve_vlehemonet

I finally found my mistake, my ZTNA destination in my FG was defined as HTTPS (reverse Proxy) and not as TCP Forwarding so of course it was not available in the ZTNA application. It works perfectly through the EMS now.

Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors