ZTNA Tagging for external traffic coming in on FortiGate 100F
Hi All,
We have a FortiGate 100F connected to a FortiClient EMS. EMS is configured to send all FC's tags to the FG, which is working fine. I see the tags fine on the FG and they update just fine when we alter them in testing. The issue we have is when applying these tags to the IP/MAC Based Access Control on an incoming policy from the internet - it does not work at all. (Using the MAC address list). If I turn off the Access Control and set it to all traffic from the internet, it works fine. Is this beyond the capabilities of the FG or am I overlooking something here? Surely the TCP packet is presenting the MAC address when connecting in. I understand the IP tag won't work externally as the IP the tag pulls is the local address.
Thanks!
