Description
This article explains why an IP address on the IPS quarantine list is still able to access the SSL VPN interface.
Scope
FortiGate.
Solution
Consider the scenario where an IP address appears in the output of the following command:
diagnose user quarantine list
The user with IP address 192.168.1.3 can still access the SSL VPN interface on the FortiGate, because in the packet flow the IPS (UTM/NGFW) inspection is performed after SSL VPN interface processing.
This behavior is expected according to the life-of-a-packet diagram below:
To block this at the interface level, apply a local-in-policy.
Related document:
https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/363127/local-in-policy
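The following CLI configuration is an added example and is not part of the article or Fortinet's documentation. It shows the local-in-policy approach the article points to: a local-in policy is matched against traffic destined to the FortiGate itself, so it is evaluated before SSL VPN processing and before the IPS stage. It assumes the SSL VPN portal listens on interface port1 (assumed name) on TCP port 10443 (assumed port; use the port configured under 'config vpn ssl settings'), and it uses the quarantined host 192.168.1.3 from the article's scenario.

```fortios
# Added example, not from the article. Assumptions: port1 = SSL VPN listening
# interface, 10443 = SSL VPN listening port, 192.168.1.3 = quarantined host.

# 1. Address object for the quarantined host.
config firewall address
    edit "quarantined-host-192.168.1.3"
        set subnet 192.168.1.3 255.255.255.255
    next
end

# 2. Custom service matching the SSL VPN listening port.
config firewall service custom
    edit "SSLVPN-10443"
        set tcp-portrange 10443
    next
end

# 3. Local-in policy: drop traffic from the quarantined host to the FortiGate's
#    SSL VPN port on port1. Local-in policies are matched top-down by ID, so
#    keep this deny above any permit entry for the same interface.
config firewall local-in-policy
    edit 1
        set intf "port1"
        set srcaddr "quarantined-host-192.168.1.3"
        set dstaddr "all"
        set service "SSLVPN-10443"
        set schedule "always"
        set action deny
    next
end
```

The lines beginning with '#' are annotations and must be removed before pasting into the FortiGate CLI. Verify the result with 'show firewall local-in-policy' and by re-testing the SSL VPN connection from 192.168.1.3. Note that the address object above is static: it does not track the quarantine list from 'diagnose user quarantine list', so a host that is quarantined later is not covered until it is added to the object.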