
ZTNA Tagging for external traffic coming in on FortiGate 100F

Hi All,

We have a FortiGate 100F connected to a FortiClient EMS. EMS is configured to send all FC's tags to the FG, which is working fine. I see the tags fine on the FG and they update just fine when we alter them in testing. The issue we have is when applying these tags to the IP/MAC Based Access Control on an incoming policy from the internet - it does not work at all (using the MAC address list). If I turn off the Access Control and set it to all traffic from the internet, it works fine. Is this beyond the capabilities of the FG or am I overlooking something here? Surely the TCP packet is presenting the MAC address when connecting in. I understand the IP tag won't work externally as the IP the tag pulls is the local address.


Hi @marara1 


Thank you for updating your query.

Please update us on the FortiClient (FCT) and FortiOS versions.


You can check the link below for the IP/MAC-based working method:


