Hello everybody,
I'm working in a ZTNA environment.
We have a simple ZTNA Firewall Policy rule that is working perfectly for each single Windows user.
All the users (Windows or macOS) have the same tags.
I have these tags too (I'm a macOS user):
When a macOS user tries to access ZTNA, we can see an error like this on the FortiGate:
date=2024-10-09 time=16:14:43 id=7423779172176101376 itime="2024-10-09 16:14:43" euid=3 epid=101 dsteuid=3 dstepid=1053 logflag=3 logver=702101706 type="traffic" subtype="ztna" level="notice" action="deny" policyid=15 sessionid=10994158 srcip=xxx dstip=10.1.0.214 srcport=52177 dstport=3389 duration=19603 proto=6 sentbyte=10454368 rcvdbyte=31622617 logid=0005000024 service="RDP" app="RDP" appcat="unscanned" srcintfrole="wan" dstintfrole="lan" policytype="proxy-policy" eventtime=1728483282890140384 wanin=31622617 wanout=7184424 lanin=10454368 lanout=32300828 crscore=30 craction=131072 crlevel="high" poluuid="7f1a8a84-dfd7-51ee-4200-2edb944b93d3" srccountry="Italy" dstcountry="Reserved" srcintf="wan1" dstintf="internal" policyname="ZTNA to RDP" msg="Traffic denied because of failed to match a proxy-policy" threatwgts=30 threatcnts=1 threatlvls=3 threats=blocked-connection threattyps=blocked-connection tz="+0200" vip="ZTNA RDP" accessproxy="ZTNA RDP" gatewayid=1 proxyapptype="http" clientdevicemanageable="manageable" devid="FGT60FTK23099PH2" vd="root" dtime="2024-10-09 16:14:43" itime_t=1728483283 devname="ntd-fg"
This is happening after the FortiClient EMS upgrade (7.2.5 build 1061). Is there any known issue for ZTNA and macOS?
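For triage of denies like the one in the post above, the following is an added example, not part of the original thread and not Fortinet code: it parses FortiGate key=value log lines and counts ZTNA denies carrying the "failed to match a proxy-policy" message per source address, policy and access proxy. The sample lines are constructed, shortened versions of the posted log, with documentation-range addresses standing in for the redacted `srcip`.

```python
import re
from collections import Counter

# Constructed sample lines: shortened versions of the posted log, with
# documentation-range source addresses in place of the redacted srcip.
SAMPLE_LOGS = [
    'date=2024-10-09 time=16:14:43 type="traffic" subtype="ztna" action="deny" '
    'policyid=15 srcip=198.51.100.7 dstport=3389 policyname="ZTNA to RDP" '
    'msg="Traffic denied because of failed to match a proxy-policy" '
    'accessproxy="ZTNA RDP" clientdevicemanageable="manageable"',
    'date=2024-10-09 time=16:20:02 type="traffic" subtype="ztna" action="deny" '
    'policyid=15 srcip=198.51.100.7 dstport=3389 policyname="ZTNA to RDP" '
    'msg="Traffic denied because of failed to match a proxy-policy" '
    'accessproxy="ZTNA RDP" clientdevicemanageable="manageable"',
    'date=2024-10-09 time=16:21:10 type="traffic" subtype="ztna" action="accept" '
    'policyid=15 srcip=198.51.100.20 dstport=3389 policyname="ZTNA to RDP" '
    'accessproxy="ZTNA RDP" clientdevicemanageable="manageable"',
    'date=2024-10-09 time=16:22:30 type="traffic" subtype="forward" action="deny" '
    'policyid=0 srcip=198.51.100.7 dstport=445',
]

# A value is either double-quoted (may contain spaces and '=') or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')
MISMATCH = "failed to match a proxy-policy"


def parse_line(line):
    """Return one log line as a dict of field name -> value."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def ztna_policy_mismatches(lines):
    """Count ZTNA proxy-policy mismatch denies per (srcip, policy, proxy)."""
    counts = Counter()
    for line in lines:
        f = parse_line(line)
        if (f.get("subtype") == "ztna" and f.get("action") == "deny"
                and MISMATCH in f.get("msg", "")):
            key = (f.get("srcip"), f.get("policyname"), f.get("accessproxy"))
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for (src, policy, proxy), n in ztna_policy_mismatches(SAMPLE_LOGS).most_common():
        print(f"{n} mismatch denies from {src} on policy '{policy}' via '{proxy}'")
```

Comparing the source addresses that appear here against the endpoints that were upgraded shows whether the denies are confined to one client platform.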
Hi,
Please refer to this article: https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-ZTNA-traffic-denied-because-of-faile....
I solved the problem. The solution was to manually create the XML ZTNA configuration. I had to shift down the "gateways" tag in order for it to be correctly recognized by FortiClient on macOS.