This article discusses issues with ZTNA tag syncing.
Scope
FortiGate v7.x.
Solution
ZTNA tags are synced when FortiClient EMS is added to the Security Fabric. To add FortiClient EMS to Security Fabric.
To synchronize ZTNA tags, FortiClient sends information to a WebSocket on HTTPS port 8013. FortiGate uses the fcnacd process to fetch that information from the WebSocket.
To check the fcnacd status, use the following command:
diagnose debug application fcnacd 2
If ZTNA tags are not being synchronized properly, enable the following debugs and make some changes to tags on some endpoints:
diagnose debug application fcnacd -1
diagnose debug console timestamp enable
diagnose endpoint filter show-large-data yes
diagnose debug en
Restart the fcnacd process or make changes to endpoints to check the logs.
To restart the fcnacd process, use the following command:
diagnose debug application fcnacd 99
Stop the debugs after reproducing the issue using the following commands:
diagnose debug disable
diagnose debug reset