Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
esec
New Contributor III

Forticlient - ZTNA Connection Rules is missing

Hi,

 

have an issue with a newly configured EMS and Forticlient solution. On the Forticlient we are missing the "ZTNA Connection Rules" tab and when we configure a ZTNA Destination in EMS it doesn´t work or shows up in the hosts file. The ZTNA Destination profile also includes to allow personal 

 

We have also configured the ZTNA Server in the Fortigate, connected it to the fabric and verified licensing ("Zero Trust Access: Included").

 

The endpoint have a ZTNA Serial Number, endpoint  and the ZTNA features is installed. 

 

Have anyone experienced this issue before?

 

Image of the Forticlient

esec_1-1662650838394.png

 

Thanks!

 

 

10 REPLIES 10
amouawad
Staff
Staff

Just to confirm, do you have the ZTNA profile enabled? It won't show on the endpoints if it's not enabled:

 

amouawad_1-1662686238098.png

 

Also confirm that the policy has the correct ZTNA policy configured.

amouawad_0-1662686207264.png

 

esec
New Contributor III

Confirm that both are enabled and configured.

 

Also verified by downloading the XML that the ZTNA configuration exist:

 

<ztna>
<enabled>1</enabled>
<allow_personal_rules>1</allow_personal_rules>
<rules>
<rule uid="20E07D74-54B2-4E8C-A2B0-76415D947F22">
<name>App</name>

R_F
Contributor

Had a similar issue before. using FortiEMS 7.0.6 ZTNA tab is not visible to my endpoint installed with FortiClient. As part of my troubleshooting while waiting for a reply from Fortinet TAC, I downloaded my FortiClient to 7.0.5 and ZTNA tab displayed to my endpoint.

Per Fortinet TAC internal research, he mentioned that "EMS 7.0.6 starts checking for ZTNA license to enable ZTNA feature. If you use Fabric Agent license, ZTNA feature will not work."

 

Part of the issue, I am  using Fabric Agent license and I need to convert my license to ZTNA.

 

esec
New Contributor III

Thanks! That was promising, but unfortunately it didn´t work with 7.0.5 :(

 

The licensing is as below and looks correct to me?

Endpoint Protection & Cloud Sandbox
Enhanced Support
Firmware & General Updates
FortiClient ZTNA Agent
Telephone Support

maxs
New Contributor II

If it helps anyone, conversion is self-service via the asset management:

maxs_0-1676437215171.png

 

 

reconnecting_FTNT

Had this same problem.  In EMS, under Deployment & Installers > FortiClient Installer I had to add the ZTNA Network Access feature at the very bottom of the list.  Saved the installer, downloaded the new installer to the client, ran, rebooted and it showed up.

reconnecting_FTNT_0-1664378264936.png

 

 

minusnine
New Contributor

I had this same problem with the latest EMS.

If you open your ZTNA Destinations Profile - Select Advanced and you'll see the following "EYE" icon - this sets whether the tab is visible in the client.

minusnine_0-1667908316936.png

 




R_F
Contributor

would you mind raising a ticket to TAC for further investigation?

funkylicious
Contributor III

Hi,
I'm running a trial EMS 7.0.7 in my lab and had the same issue, in FortiClient 7.0.6 - 7.0.7 : ZTNA Connection Rules were not visible. Installed 7.0.5 and they appeared.

 

After that, I tried converting my EMS license in the portal and re-synced the EMS with the FortiCloud account or you can import the newly generated license file, installed FCT 7.0.7 and ZTNA Destination appeared.

geek
geek
Labels
Top Kudoed Authors