Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.4.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    ZTNA Reference Guide

    Home FortiGate / FortiOS 7.4.0 ZTNA Reference Guide
    7.4.0
    8.0.0
    7.6.0
    7.4.0
    7.2.1

    Error codes and replacement messages

    Error codes and replacement messages

    The following table summarizes the replacement message errors based on error code and category available in FortiOS 7.4.1 and later.

    Error

    code

    Error

    category

    Error message

    Description

    001

    Invalid ZTNA Certificate

    The page you requested has been blocked because the ZTNA certificate is invalid.

    The client endpoint has an invalid certificate that the FortiGate cannot recognize.

    002

    Invalid ZTNA Certificate

    The page you requested has been blocked because the ZTNA certificate is empty.

    The client endpoint did not provide a client certificate for the FortiGate to verify.

    003

    Invalid ZTNA Certificate

    The page you requested has been blocked because the device is manageable but with an empty ZTNA certificate.

    The client endpoint has FortiClient installed (hence manageable), but did not provide a client certificate for the FortiGate to verify.

    021

    ZTNA Application Not Found

    The page you requested has been blocked because no API gateway was matched.

    The client endpoint is looking for a page or service that is not configured in the FortiGate's ZTNA settings.

    022

    ZTNA Application Not Found

    The page you requested has been blocked because the real server in the API gateway cannot be found.

    The FortiGate is unable to serve the requested page or service because it cannot find the real server.

    023

    ZTNA Application Not Found

    The page you requested has been blocked because ZTNA FQDN DNS failed.

    The FortiGate cannot resolve the FQDN in the client endpoint's request.

    041

    ZTNA Portal Error

    The page you requested has been blocked because SSL VPN bookmark address failed.

    The FortiGate is unable to match a bookmark in the SSL VPN web portal used by the ZTNA application gateway.

    061

    ZTNA Policy Deny

    The page you requested has been blocked because no policy was matched.

    There is no ZTNA policy that matches the destination page that the client endpoint is requesting.

    062

    ZTNA Policy Deny

    The page you requested has been blocked because a policy with action deny was matched.

    The traffic matched a ZTNA deny policy.

    063

    ZTNA Policy Deny

    The page you requested has been blocked because the client cert has been revoked.

    The endpoint client is using a client certificate issued by FortiClient EMS that has been revoked.

    064

    ZTNA Policy Deny

    The page you requested has been blocked because the tags matched a deny policy.

    The endpoint client has a ZTNA tag that matches a ZTNA deny policy.

    065

    ZTNA Policy Deny

    The page you requested has been blocked because the tags didn’t match any policy.

    The endpoint client's ZTNA tags did not match any ZTNA policies, and its traffic is implicitly denied.

    066

    ZTNA Policy Deny

    The page you requested has been blocked because no device info was found.

    The FortiGate cannot find any device information for the client endpoint, resulting in a failed verification of the client.

    067

    ZTNA Policy Deny

    The page you requested has been blocked because the device is offline.

    The client endpoint is not connected to FortiClient EMS, hence is considered offline and blocked by the FortiGate.
    Previous
    Next

    Error codes and replacement messages

    Error codes and replacement messages

    The following table summarizes the replacement message errors based on error code and category available in FortiOS 7.4.1 and later.

    Error

    code

    Error

    category

    Error message

    Description

    001

    Invalid ZTNA Certificate

    The page you requested has been blocked because the ZTNA certificate is invalid.

    The client endpoint has an invalid certificate that the FortiGate cannot recognize.

    002

    Invalid ZTNA Certificate

    The page you requested has been blocked because the ZTNA certificate is empty.

    The client endpoint did not provide a client certificate for the FortiGate to verify.

    003

    Invalid ZTNA Certificate

    The page you requested has been blocked because the device is manageable but with an empty ZTNA certificate.

    The client endpoint has FortiClient installed (hence manageable), but did not provide a client certificate for the FortiGate to verify.

    021

    ZTNA Application Not Found

    The page you requested has been blocked because no API gateway was matched.

    The client endpoint is looking for a page or service that is not configured in the FortiGate's ZTNA settings.

    022

    ZTNA Application Not Found

    The page you requested has been blocked because the real server in the API gateway cannot be found.

    The FortiGate is unable to serve the requested page or service because it cannot find the real server.

    023

    ZTNA Application Not Found

    The page you requested has been blocked because ZTNA FQDN DNS failed.

    The FortiGate cannot resolve the FQDN in the client endpoint's request.

    041

    ZTNA Portal Error

    The page you requested has been blocked because SSL VPN bookmark address failed.

    The FortiGate is unable to match a bookmark in the SSL VPN web portal used by the ZTNA application gateway.

    061

    ZTNA Policy Deny

    The page you requested has been blocked because no policy was matched.

    There is no ZTNA policy that matches the destination page that the client endpoint is requesting.

    062

    ZTNA Policy Deny

    The page you requested has been blocked because a policy with action deny was matched.

    The traffic matched a ZTNA deny policy.

    063

    ZTNA Policy Deny

    The page you requested has been blocked because the client cert has been revoked.

    The endpoint client is using a client certificate issued by FortiClient EMS that has been revoked.

    064

    ZTNA Policy Deny

    The page you requested has been blocked because the tags matched a deny policy.

    The endpoint client has a ZTNA tag that matches a ZTNA deny policy.

    065

    ZTNA Policy Deny

    The page you requested has been blocked because the tags didn’t match any policy.

    The endpoint client's ZTNA tags did not match any ZTNA policies, and its traffic is implicitly denied.

    066

    ZTNA Policy Deny

    The page you requested has been blocked because no device info was found.

    The FortiGate cannot find any device information for the client endpoint, resulting in a failed verification of the client.

    067

    ZTNA Policy Deny

    The page you requested has been blocked because the device is offline.

    The client endpoint is not connected to FortiClient EMS, hence is considered offline and blocked by the FortiGate.
    Previous
    Next