Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
esec
New Contributor III

Created on ‎09-08-2022 11:01 AM

Forticlient - ZTNA Connection Rules is missing

Hi,

 

have an issue with a newly configured EMS and Forticlient solution. On the Forticlient we are missing the "ZTNA Connection Rules" tab and when we configure a ZTNA Destination in EMS it doesn´t work or shows up in the hosts file. The ZTNA Destination profile also includes to allow personal 

 

We have also configured the ZTNA Server in the Fortigate, connected it to the fabric and verified licensing ("Zero Trust Access: Included").

 

The endpoint have a ZTNA Serial Number, endpoint  and the ZTNA features is installed. 

 

Have anyone experienced this issue before?

 

Image of the Forticlient

esec_1-1662650838394.png

 

Thanks!

 

 

Labels:
7898
0 Kudos
11 REPLIES 11
amouawad
Staff
Staff

Created on ‎09-08-2022 06:18 PM

Just to confirm, do you have the ZTNA profile enabled? It won't show on the endpoints if it's not enabled:

 

amouawad_1-1662686238098.png

 

Also confirm that the policy has the correct ZTNA policy configured.

amouawad_0-1662686207264.png

 

7113
0 Kudos
esec
New Contributor III
In response to amouawad

Created on ‎09-08-2022 11:47 PM

Confirm that both are enabled and configured.

 

Also verified by downloading the XML that the ZTNA configuration exist:

 

<ztna>
<enabled>1</enabled>
<allow_personal_rules>1</allow_personal_rules>
<rules>
<rule uid="20E07D74-54B2-4E8C-A2B0-76415D947F22">
<name>App</name>

7106
0 Kudos
R_F
Contributor

Created on ‎09-09-2022 01:25 AM

Had a similar issue before. using FortiEMS 7.0.6 ZTNA tab is not visible to my endpoint installed with FortiClient. As part of my troubleshooting while waiting for a reply from Fortinet TAC, I downloaded my FortiClient to 7.0.5 and ZTNA tab displayed to my endpoint.

Per Fortinet TAC internal research, he mentioned that "EMS 7.0.6 starts checking for ZTNA license to enable ZTNA feature. If you use Fabric Agent license, ZTNA feature will not work."

 

Part of the issue, I am  using Fabric Agent license and I need to convert my license to ZTNA.

 

7099
0 Kudos
esec
New Contributor III
In response to R_F

Created on ‎09-09-2022 01:46 AM

Thanks! That was promising, but unfortunately it didn´t work with 7.0.5 :(

 

The licensing is as below and looks correct to me?

Endpoint Protection & Cloud Sandbox
Enhanced Support
Firmware & General Updates
FortiClient ZTNA Agent
Telephone Support

7097
maxs
New Contributor II
In response to R_F

Created on ‎02-14-2023 09:00 PM

If it helps anyone, conversion is self-service via the asset management:

maxs_0-1676437215171.png

 

 

6115
0 Kudos
reconnecting_FTNT
Staff
Staff

Created on ‎09-28-2022 08:18 AM

Had this same problem.  In EMS, under Deployment & Installers > FortiClient Installer I had to add the ZTNA Network Access feature at the very bottom of the list.  Saved the installer, downloaded the new installer to the client, ran, rebooted and it showed up.

reconnecting_FTNT_0-1664378264936.png

 

 

7005
0 Kudos
minusnine
New Contributor

Created on ‎11-08-2022 03:52 AM

I had this same problem with the latest EMS.

If you open your ZTNA Destinations Profile - Select Advanced and you'll see the following "EYE" icon - this sets whether the tab is visible in the client.

minusnine_0-1667908316936.png

 




6797
R_F
Contributor

Created on ‎11-08-2022 11:46 PM

would you mind raising a ticket to TAC for further investigation?

6779
0 Kudos
funkylicious
SuperUser
SuperUser

Created on ‎02-14-2023 11:12 PM

Hi,
I'm running a trial EMS 7.0.7 in my lab and had the same issue, in FortiClient 7.0.6 - 7.0.7 : ZTNA Connection Rules were not visible. Installed 7.0.5 and they appeared.

 

After that, I tried converting my EMS license in the portal and re-synced the EMS with the FortiCloud account or you can import the newly generated license file, installed FCT 7.0.7 and ZTNA Destination appeared.

"jack of all trades, master of none"
"jack of all trades, master of none"
6098
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.