Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 7.6.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    ZTNA Reference Guide

    Home FortiGate / FortiOS 7.6.0 ZTNA Reference Guide
    7.6.0
    8.0.0
    7.6.0
    7.4.0
    7.2.1

    Error codes and replacement messages

    Error codes and replacement messages

    The following table summarizes the replacement message errors based on error code and category available in FortiOS 7.4.1 and later.

    Error code

    Error category

    Error message

    Description

    1

    Invalid ZTNA Certificate

    The page you requested has been blocked because the ZTNA certificate is invalid.

    The client endpoint has an invalid certificate that the FortiGate cannot recognize.

    2

    Invalid ZTNA Certificate

    The page you requested has been blocked because the ZTNA certificate is empty.

    The client endpoint did not provide a client certificate for the FortiGate to verify and empty-client-cert is set to block.

    3

    Invalid ZTNA Certificate

    The page you requested has been blocked because the device is manageable but with an empty ZTNA certificate.

    The client endpoint is manageable (non-mobile), but did not provide a client certificate for the FortiGate to verify.

    21

    ZTNA Application Not Found

    The page you requested has been blocked because no API gateway was matched.

    The client endpoint is looking for a page or service that is not configured in the FortiGate's ZTNA settings.

    22

    ZTNA Application Not Found

    The page you requested has been blocked because the real server in the API gateway cannot be found.

    The FortiGate is unable to serve the requested page or service because it cannot find the real server.

    23

    ZTNA Application Not Found

    The page you requested has been blocked because ZTNA FQDN DNS failed.

    The FortiGate cannot resolve the FQDN in the client endpoint's request.

    26

    ZTNA Connection Error

    There is a connection issue when attempting to reach the destination website.

    Real server certificate's CN field does not match FQDN in access proxy.

    27

    ZTNA Connection Error

    There is a connection issue when attempting to reach the destination website.

    Real server certificate is expired.

    28

    ZTNA Connection Error

    There is a connection issue when attempting to reach the destination website.

    Real server certificate is revoked.

    29

    ZTNA Connection Error

    There is a connection issue when attempting to reach the destination website.

    Real server certificate verification has timed out.

    30

    ZTNA Connection Error

    There is a connection issue when attempting to reach the destination website.

    Real server certificate verification failed.

    31

    ZTNA Connection Error

    There is a connection issue when attempting to reach the destination website.

    Untrusted real server certificate.

    41

    ZTNA Portal Error

    The page you requested has been blocked because SSL VPN bookmark address failed.

    The FortiGate is unable to match a bookmark in the SSL VPN web portal used by the ZTNA application gateway.

    61

    ZTNA Policy Deny

    The page you requested has been blocked because no policy was matched.

    There is no ZTNA policy that matches the destination page that the client endpoint is requesting.

    62

    ZTNA Policy Deny

    The page you requested has been blocked because a policy with action deny was matched.

    The traffic matched a ZTNA deny policy.

    63

    ZTNA Policy Deny

    The page you requested has been blocked because the client cert has been revoked.

    The endpoint client is using a client certificate issued by FortiClient EMS that has been revoked.

    64

    ZTNA Policy Deny

    The page you requested has been blocked because the tags matched a deny policy.

    The endpoint client has a ZTNA tag that matches a ZTNA deny policy.

    65

    ZTNA Policy Deny

    The page you requested has been blocked because the tags didn’t match any policy.

    The endpoint client's ZTNA tags did not match any ZTNA policies, and its traffic is implicitly denied.

    66

    ZTNA Policy Deny

    The page you requested has been blocked because no device info was found.

    The FortiGate cannot find any device information for the client endpoint, resulting in a failed verification of the client.

    67

    ZTNA Policy Deny

    The page you requested has been blocked because the device is offline.

    The client endpoint is not connected to FortiClient EMS, hence is considered offline and blocked by the FortiGate.

    68

    ZTNA Policy Denied

    The page you requested has been blocked because the device is unknown or unmanaged.

    The client endpoint is blocked because it is unmanaged, and the policy does not allow unmanaged devices.

    69

    ZTNA Policy Denied

    The page you requested has been blocked because authorization failed.

    The client endpoint failed authorization due to unmatched user group.
    Previous
    Next

    Error codes and replacement messages

    Error codes and replacement messages

    The following table summarizes the replacement message errors based on error code and category available in FortiOS 7.4.1 and later.

    Error code

    Error category

    Error message

    Description

    1

    Invalid ZTNA Certificate

    The page you requested has been blocked because the ZTNA certificate is invalid.

    The client endpoint has an invalid certificate that the FortiGate cannot recognize.

    2

    Invalid ZTNA Certificate

    The page you requested has been blocked because the ZTNA certificate is empty.

    The client endpoint did not provide a client certificate for the FortiGate to verify and empty-client-cert is set to block.

    3

    Invalid ZTNA Certificate

    The page you requested has been blocked because the device is manageable but with an empty ZTNA certificate.

    The client endpoint is manageable (non-mobile), but did not provide a client certificate for the FortiGate to verify.

    21

    ZTNA Application Not Found

    The page you requested has been blocked because no API gateway was matched.

    The client endpoint is looking for a page or service that is not configured in the FortiGate's ZTNA settings.

    22

    ZTNA Application Not Found

    The page you requested has been blocked because the real server in the API gateway cannot be found.

    The FortiGate is unable to serve the requested page or service because it cannot find the real server.

    23

    ZTNA Application Not Found

    The page you requested has been blocked because ZTNA FQDN DNS failed.

    The FortiGate cannot resolve the FQDN in the client endpoint's request.

    26

    ZTNA Connection Error

    There is a connection issue when attempting to reach the destination website.

    Real server certificate's CN field does not match FQDN in access proxy.

    27

    ZTNA Connection Error

    There is a connection issue when attempting to reach the destination website.

    Real server certificate is expired.

    28

    ZTNA Connection Error

    There is a connection issue when attempting to reach the destination website.

    Real server certificate is revoked.

    29

    ZTNA Connection Error

    There is a connection issue when attempting to reach the destination website.

    Real server certificate verification has timed out.

    30

    ZTNA Connection Error

    There is a connection issue when attempting to reach the destination website.

    Real server certificate verification failed.

    31

    ZTNA Connection Error

    There is a connection issue when attempting to reach the destination website.

    Untrusted real server certificate.

    41

    ZTNA Portal Error

    The page you requested has been blocked because SSL VPN bookmark address failed.

    The FortiGate is unable to match a bookmark in the SSL VPN web portal used by the ZTNA application gateway.

    61

    ZTNA Policy Deny

    The page you requested has been blocked because no policy was matched.

    There is no ZTNA policy that matches the destination page that the client endpoint is requesting.

    62

    ZTNA Policy Deny

    The page you requested has been blocked because a policy with action deny was matched.

    The traffic matched a ZTNA deny policy.

    63

    ZTNA Policy Deny

    The page you requested has been blocked because the client cert has been revoked.

    The endpoint client is using a client certificate issued by FortiClient EMS that has been revoked.

    64

    ZTNA Policy Deny

    The page you requested has been blocked because the tags matched a deny policy.

    The endpoint client has a ZTNA tag that matches a ZTNA deny policy.

    65

    ZTNA Policy Deny

    The page you requested has been blocked because the tags didn’t match any policy.

    The endpoint client's ZTNA tags did not match any ZTNA policies, and its traffic is implicitly denied.

    66

    ZTNA Policy Deny

    The page you requested has been blocked because no device info was found.

    The FortiGate cannot find any device information for the client endpoint, resulting in a failed verification of the client.

    67

    ZTNA Policy Deny

    The page you requested has been blocked because the device is offline.

    The client endpoint is not connected to FortiClient EMS, hence is considered offline and blocked by the FortiGate.

    68

    ZTNA Policy Denied

    The page you requested has been blocked because the device is unknown or unmanaged.

    The client endpoint is blocked because it is unmanaged, and the policy does not allow unmanaged devices.

    69

    ZTNA Policy Denied

    The page you requested has been blocked because authorization failed.

    The client endpoint failed authorization due to unmatched user group.
    Previous
    Next