Dear colleagues,
I don't get ZTNA running with Forticlient on Fedora Linux. I always get the message
"ZTNA Access Denied
The page you requested has been blocked by a ZTNA restriction.
Details: Invalid ZTNA client certificate"
I tried Firefox, Chromium and Brave as browsers but got the same result.
I rejoined the client to EMS, I reinstalled Forticlient but no change. Is there someone with the same problem or anybody who could help?
Forticlient 7.2.2.0753
EMS Forticloud
Fortigate 7.0.12
kind regards
stephan
I could not find out why the endpoints are not showing up. I removed the Fabric Connector between Fortigate and EMS Cloud and connected them again. But no change. The Fortigate does not know my Linux endpoints even though they are listed in EMS (online, off-fabric, everything looks normal there). The ZTNA documentation says
"Based on the client information, EMS applies matching Zero Trust tagging rules to tag the clients. These tags, and the client certificate information, are synchronized with the FortiGate in real-time. This allows the FortiGate to verify the client's identity using the client certificate, and grant access based on the ZTNA tags applied in the ZTNA rule."
This seems not to be working for me. The tags are synced but not the client certificates. Any ideas?
Because there are only Windows clients in the Endpoint Record List, I focused on trying to find out if there is a general misconfiguration or if it is a Linux/Linux client related issue. I added new clients: a MacOS client, another Fedora client and an Ubuntu client (VM on my machine). It worked immediately for the MacOS client but for none of the Linux clients. So it must be something related to Linux or the Forticlient on Linux.
In the end I could fix it by using another device. It was not working on my Lenovo T480 together with Linux even though it is working on the T480 with Windows. So just be informed that you may have trouble with some devices and Linux when using Forticlient, which can maybe not be solved.
best
stephan