marara1
New Contributor

ZTNA Tagging for external traffic coming in on FortiGate 100F

Hi All,

We have a FortiGate 100F connected to a FortiClient EMS. EMS is configured to send all FC's tags to the FG, which is working fine. I see the tags fine on the FG and they update just fine when we alter them in testing. The issue we have is when applying these tags to the IP/MAC Based Access Control on an incoming policy from the internet - it does not work at all (using the MAC address list). If I turn off the Access Control and set it to all traffic from the internet, it works fine. Is this beyond the capabilities of the FG or am I overlooking something here? Surely the TCP packet is presenting the MAC address when connecting in. I understand the IP tag won't work externally as the IP the tag pulls is the local address.

Thanks!

pgautam
Staff

Hi @marara1

Thank you for updating your query.

Please update us on the FortiClient (FCT) and FortiOS versions.

You can check the links below for the IP/MAC-based working method:

https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/477578/ztna-ip-mac-based-acc...

https://docs.fortinet.com/document/fortigate/7.2.5/administration-guide/477578/ztna-ip-mac-based-acc...

Regards
Priyanka

