Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Stephan_s
New Contributor III

ZTNA - tcp forwarding not working on macos

Dear Colleagues,

we are facing issues with tcp forwarding on some MacOS mashines. On some Macs its working quite fine but some are not able to connect to ZTNA Destinations, while the normal ZTNA Web-Proxie stuff is working.

The FortiClient logs are showing the following on these devices:

2024-02-26T15:08:55.162 TZ=+0100 info ztna mergeCfg:{"enabled":0,"rules":[{"name":"replaced","mode":"transparent","enabled":0,"destination":"replaced","gateway":"replaced","encryption":0,"local_port":"7788","type":"private"}],"portals":null,"gateways":[{"redirect":"0","addr":"replaced","alias":"replaced","rules":[{"name":"replaced","mode":"transparent","enabled":1,"destination":"replaced","gateway":"","encryption":0,"local_port":"7788","type":"private"}]}],"notify_on_error":1,"portals_enabled":1,"gateways_enabled":1}
2024-02-26T15:08:55.162 TZ=+0100 info ztna ztna disable

 

I replaced the private data with "replaced".

Every time you try to access a host, specified in the ZTNA Destinations, you will get this two lines in the ztna.log and ztnafw.log and it will not be able to connect.
Is this known to anybody and is there a solution around?

 

kind regards
stephan

PS: We are using FortiOS 7.2.7, EMS Cloud v7.2.2 build 0879 and FortiClient 7.2.3.0822 (we tried older Versions as well)

1 Solution
Stephan_s
New Contributor III

We found out how to fix this. I configured ZTNA destinations in EMS to be not visible to the Clients. Not sure if this is related to the Problem or the fix. But I made it visible again and the Clients could fix the problem by just disable ZTNA and activate it again on the tab "ZTNA Destination".

View solution in original post

3 REPLIES 3
Anthony_E
Community Manager
Community Manager

Hello Stephan,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Stephan_s
New Contributor III

We found out how to fix this. I configured ZTNA destinations in EMS to be not visible to the Clients. Not sure if this is related to the Problem or the fix. But I made it visible again and the Clients could fix the problem by just disable ZTNA and activate it again on the tab "ZTNA Destination".

Anthony_E
Community Manager
Community Manager

Thanks a lot for sharing the solution Stephan!

Anthony-Fortinet Community Team.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors