I upgraded a firewall from 7.2.5 to 7.4.2 then 7.4.3 following the upgrade path for an 1100E.
Now all users are complaining about randomly getting their sessions dropped. This does not happen on our 7.2.X ZTNA gateways.
diag wad user list shows the user has a valid session, clearing the wad user does not do anything.
Disabling the policy that should be matched then re-enabling it allows the user to reconnect sessions for another random duration.
Which FortiClient version?
7.2.1.0779
I'd suggest first to update FortiClient to 7.2.3 since it fixes some ZTNA related issues.
Ref: https://docs.fortinet.com/document/forticlient/7.2.3/ems-release-notes/429894
If it doesn't help, I'd also suggest to completely remove the related policy and to create it again.
Created on 02-22-2024 11:02 AM Edited on 02-22-2024 11:23 AM
Same issue, different error now. It will work for a while then people get kicked out. Trying to sign back in gives this error. Disabling the rule, deleting the rule, deleting the ZTNA server...
At some random time later, it will work again.
Created on 02-22-2024 11:18 AM Edited on 02-22-2024 11:29 AM
I don't think this is the FortiClient since I can go directly to the API gateway in a web browser and the FortiGate says that a real server isn't configured with a different error 022.
Hi @aguerriero,
You will need to run wad debug and replicate the issue. You can refer to https://docs.fortinet.com/document/fortigate/7.4.3/administration-guide/286458/ztna-troubleshooting-...
WAD debug will give a lot of outputs so I suggest opening a ticket for further assistance.
Regards,
Created on 03-01-2024 05:14 PM Edited on 03-01-2024 05:15 PM
We are going back to 7.2.X. We got stuck in a pinch because 7.2.7 has a known issue for IPsec performance but we had to upgrade because of the CVE released.
We are planning on moving all features that require 7.2 or 7.4, or SSLVPN, to a different hardware vendor.
Copyright 2024 Fortinet, Inc. All Rights Reserved.