Hello everybody, 

I've been working with a ZTNA for about a year without problems.

Since Forticlient EMS upgraded to 7.2.5 version, something strange is happenening.

This user, who has always worked with ZTNA, can't access network resources anymore (he was Off-Fabric during the connection attempts).

This is one the logs:

date=2024-10-09 time=16:14:43 id=7423779172176101376 itime="2024-10-09 16:14:43" euid=3 epid=101 dsteuid=3 dstepid=1053 logflag=3 logver=702101706 type="traffic" subtype="ztna" level="notice" action="deny" policyid=15 sessionid=10994158 srcip=xxxx dstip=10.1.0.214 srcport=52177 dstport=3389 duration=19603 proto=6 sentbyte=10454368 rcvdbyte=31622617 logid=0005000024 service="RDP" app="RDP" appcat="unscanned" srcintfrole="wan" dstintfrole="lan" policytype="proxy-policy" eventtime=1728483282890140384 wanin=31622617 wanout=7184424 lanin=10454368 lanout=32300828 crscore=30 craction=131072 crlevel="high" poluuid="7f1a8a84-dfd7-51ee-4200-2edb944b93d3" srccountry="Italy" dstcountry="Reserved" srcintf="wan1" dstintf="internal" policyname="ZTNA to RDP" msg="Traffic denied because of failed to match a proxy-policy" threatwgts=30 threatcnts=1 threatlvls=3 threats=blocked-connection threattyps=blocked-connection tz="+0200" vip="ZTNA RDP" accessproxy="ZTNA RDP" gatewayid=1 proxyapptype="http" clientdevicemanageable="manageable" devid="FGT60FTK23099PH2" vd="root" dtime="2024-10-09 16:14:43" itime_t=1728483283 devname="ntd-fg"

The most interesting part I think is msg="Traffic denied because of failed to match a proxy-policy".

But, if we check the policy, nothing should be blocked:

This is a firewall policy.

The error is saying something about a proxy-policy (that I don't have). Is this the problem? I don't think so, because ZTNA worked until yesterday. 

What do you think?