ZTNA Tagging for external traffic coming in on FortiGate 100F
We have a FortiGate 100F connected to a FortiClient EMS. EMS is configured to send all FC's tags to the FG, which is working fine. I see the tags fine on the FG and they update just fine when we alter them in testing. The issue we have is when applying these tags to the IP/MAC Based Access Control on an incoming policy from the internet - it does not work at all. (Using the MAC address list). If I turn off the Access Control and set it to all traffic from the internet it works fine. Is this beyond the capabilities of the FG or am I overlooking something here? Surely the TCP packet is presenting the MAC address when connecting in. I understand the IP tag won't work externally as the IP the tag pulls is the local address.