Fortinet black logo

Handbook

ZTNA troubleshooting and debugging

ZTNA troubleshooting and debugging

The following CLI commands can be used to troubleshoot ZTNA issues:

Command

Description

# execute fctems test-connectivity <EMS>

Verify the FortiADC to FortiClient EMS connectivity. This provides the connection status of your FortiClient EMS connector configuration. If the connection is not successful, further detail is provided for the status condition.

# execute fctems is-verified <EMS>

Check if the configured EMS server has a verified certificate.

# diagnose debug module fcnacd

View information about your FortiClient NAC daemon (fcnacd), which handles FortiADC to FortiClient EMS connectivity.

# diagnose endpoint-control client list

List the FortiClient endpoints synchronized to FortiADC from FortiClient EMS.

# diagnose endpoint-control tag list

List the ZTNA tags synchronized to FortiADC from FortiClient EMS.

# diagnose debug module httproxy ztna

View information about your Layer 7 HTTPS virtual server that has referenced a ZTNA Profile.

For details of the above commands, see the FortiADC CLI Reference document.

ZTNA troubleshooting and debugging

The following CLI commands can be used to troubleshoot ZTNA issues:

Command

Description

# execute fctems test-connectivity <EMS>

Verify the FortiADC to FortiClient EMS connectivity. This provides the connection status of your FortiClient EMS connector configuration. If the connection is not successful, further detail is provided for the status condition.

# execute fctems is-verified <EMS>

Check if the configured EMS server has a verified certificate.

# diagnose debug module fcnacd

View information about your FortiClient NAC daemon (fcnacd), which handles FortiADC to FortiClient EMS connectivity.

# diagnose endpoint-control client list

List the FortiClient endpoints synchronized to FortiADC from FortiClient EMS.

# diagnose endpoint-control tag list

List the ZTNA tags synchronized to FortiADC from FortiClient EMS.

# diagnose debug module httproxy ztna

View information about your Layer 7 HTTPS virtual server that has referenced a ZTNA Profile.

For details of the above commands, see the FortiADC CLI Reference document.