Versions:
FG 7.2.8, EMS 7.2.4 and Client 7.24.
The tags are only synced when I enable/disable the EMS Fabric or run this CLI command:
diagnose test application fcnacd 99
The tags aren't even matched with endpoints on the FortiGate, but in EMS and FortiClient the endpoint is being tagged.
When I run the CLI command, the tag is then applied to the client.
Hello @aproost ,
This problem is annoying, I've experienced it many times. I created two workaround solutions for this.
The first is, if you are using FortiAnalyzer, to put it behind ZTNA and then have the clients send logs to FortiAnalyzer with this IP. Since this triggers the ZTNA connection, it wakes up the service and allows it to synchronize client IP addresses.
The second is to ensure that the command that resets the service runs at certain intervals within automation. This is not a method I recommend, because the more often it happens, the more of a burden it will be. So if you choose the second method, keep the frequency high.
Could it be related to this known issue in 7.2.4?
990863 | Zero trust network access (ZTNA) tags do not sync correctly between non-default EMS site and FortiGate. |