
Administration Guide

ZTNA IP MAC based access control example

In this example, firewall policies are configured that use ZTNA tags to control access between on-net devices and an internal web server. This mode does not require the use of the access proxy, and only uses ZTNA tags for access control. Traffic is passed when the FortiClient endpoint is tagged as Low risk only. Traffic is denied when the FortiClient endpoint is tagged with Malicious-File-Detected.

This example assumes that the FortiGate EMS fabric connector is already successfully connected.

Note

To configure ZTNA in the GUI, go to System > Feature Visibility and enable Zero Trust Network Access.

To configure a Zero Trust tagging rule on the FortiClient EMS:
  1. Log in to the FortiClient EMS.

  2. Go to Zero Trust Tags > Zero Trust Tagging Rules, and click Add.

  3. In the Name field, enter Malicious-File-Detected.

  4. In the Tag Endpoint As dropdown list, select Malicious-File-Detected.

    EMS uses this tag to dynamically group together endpoints that satisfy the rule, as well as any other rules that are configured to use this tag.

  5. Click Add Rule, then configure the rule:

    1. For OS, select Windows.

    2. From the Rule Type dropdown list, select File and click the + button.

    3. Enter a file name, such as C:\virus.txt.

    4. Click Save.

  6. Click Save.

To configure a firewall policy with IP/MAC based access control to deny traffic in the GUI:
  1. Go to Policy & Objects > Firewall Policy and click Create New.

  2. Set Name to block-internal-malicious-access.

  3. Set Incoming Interface to default.35.

  4. Set Outgoing Interface to port3.

  5. Set Source to all.

  6. Set IP/MAC Based Access Control to the Malicious-File-Detected tag.

  7. Set Destination to all.

  8. Set Service to ALL.

  9. Set Action to DENY.

  10. Enable Log Violation Traffic.

  11. Configure the remaining settings as needed.

  12. Click OK.

To configure a firewall policy with IP/MAC based access control to allow access in the GUI:
  1. Go to Policy & Objects > Firewall Policy and click Create New.

  2. Set Name to allow-internal-access.

  3. Set Incoming Interface to default.35.

  4. Set Outgoing Interface to port3.

  5. Set Source to all.

  6. Set IP/MAC Based Access Control to the Low tag.

  7. Set Destination to all.

  8. Set Service to ALL.

  9. Set Action to ACCEPT.

  10. Enable Log Allowed Traffic and set it to All Sessions.

  11. Configure the remaining settings as needed.

  12. Click OK.

To configure firewall policies with IP/MAC based access control to block and allow access in the CLI:
config firewall policy
    edit 29
        set name "block-internal-malicious-access"
        set srcintf "default.35"
        set dstintf "port3"
        set srcaddr "all"
        set dstaddr "all"
        set ztna-status enable
        set ztna-ems-tag "FCTEMS0000109188_Malicious-File-Detected"
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 30
        set name "allow-internal-access"
        set srcintf "default.35"
        set dstintf "port3"
        set srcaddr "all"
        set dstaddr "all"
        set ztna-status enable
        set ztna-ems-tag "FCTEMS0000109188_Low"
        set action accept
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set logtraffic all
        set nat enable
    next
end

Testing the access to the web server from the on-net client endpoint

Access allowed:
  1. On the remote Windows PC, open FortiClient.

  2. On the Zero Trust Telemetry tab, make sure that you are connected to the EMS server.

  3. Open a browser and enter the address of the server.

  4. The FortiGate verifies your ZTNA tag against your security posture, matches the corresponding allow-internal-access firewall policy, and allows access to the web server.

Access denied:
  1. On the remote Windows PC, trigger the Zero Trust Tagging Rule by creating the file C:\virus.txt.

  2. Open a browser and enter the address of the server.

  3. FortiGate checks your security posture. Because EMS has tagged the PC with the Malicious-File-Detected tag, it matches the block-internal-malicious-access firewall policy.

  4. You are denied access to the web server.

Logs and debugs

Access allowed:
# diagnose endpoint record list
Record #1:
                IP Address = 192.168.40.8
                MAC Address = 24:b6:fd:fa:54:c1
                MAC list = 24:b6:fd:fa:54:c1;54:15:cd:3f:f8:30;9c:b7:0d:2d:5c:d1;
                VDOM = root (0)
                EMS serial number: FCTEMS0000109188
                Client cert SN: 563DA313367608678A3633E93C574F6F8BCB4A95
                Public IP address: 192.157.105.35
                Quarantined: no
                Online status: online
                Registration status: registered
                On-net status: on-net
                Gateway Interface: default.35
                FortiClient version: 7.0.0
                AVDB version: 0.0
                FortiClient app signature version: 0.0
                FortiClient vulnerability scan engine version: 2.30
                FortiClient UID: F4F3263AEBE54777A6509A8FCCDF9284
                ….
                Number of Routes: (1)
                        Gateway Route #0:
                                - IP:192.168.40.8, MAC: 24:b6:fd:fa:54:c1, Indirect: no
                                - Interface:default.35, VFID:0, SN: FGVM04TM21000144
online records: 1; offline records: 0; quarantined records: 0
# diagnose endpoint lls-comm send ztna find-ip-vdom 192.168.40.8 root
UID: F4F3263AEBE54777A6509A8FCCDF9284
        status code:ok
        Domain:
        User: keithli
        Cert SN:563DA313367608678A3633E93C574F6F8BCB4A95
        EMS SN: FCTEMS0000109188
        Routes(1):
         - route[0]: IP=192.168.40.8, VDom=root
        Tags(2):
         - tag[0]: name=all_registered_clients
         - tag[1]: name=Low
# diagnose firewall dynamic list
List all dynamic addresses:
FCTEMS0000109188_all_registered_clients: ID(51)
        ADDR(172.17.194.209)
        ADDR(192.168.40.8)
…

FCTEMS0000109188_Low: ID(78)
        ADDR(172.17.194.209)
        ADDR(192.168.40.8)
…

FCTEMS0000109188_Malicious-File-Detected: ID(190)
…
# diagnose test application fcnacd 7
ZTNA Cache:
-uid F4F3263AEBE54777A6509A8FCCDF9284: { "tags": [ "all_registered_clients", "Low" ], "user_name": "keithli", "client_cert_sn": "563DA313367608678A3633E93C574F6F8BCB4A95", "gateway_route_list": [ { "gateway_info": { "fgt_sn": "FGVM04TM21000144", "interface": "default.35", "vdom": "root" }, "route_info": [ { "ip": "192.168.40.8", "mac": "24-b6-fd-fa-54-c1", "route_type": "direct" } ] } ], "ems_sn": "FCTEMS0000109188" }
# execute log display
49 logs found.
10 logs returned.
3.5% of logs has been searched.
38: date=2021-03-28 time=23:07:38 eventtime=1616998058790134389 tz="-0700" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=192.168.40.8 srcname="Fortinet-KeithL" srcport=51056 srcintf="default.35" srcintfrole="undefined" dstip=192.168.20.6 dstport=443 dstintf="port3" dstintfrole="undefined" srcuuid="5445be2e-5d7b-51ea-e2c3-ae6b7855c52f" dstuuid="5445be2e-5d7b-51ea-e2c3-ae6b7855c52f" srccountry="Reserved" dstcountry="Reserved" sessionid=161585 proto=6 action="close" policyid=30 policytype="policy" poluuid="8f6ea492-9034-51eb-f197-c00d803b7489" policyname="allow-internal-access" service="HTTPS" trandisp="snat" transip=192.168.20.5 transport=51056 duration=2 sentbyte=3374 rcvdbyte=107732 sentpkt=50 rcvdpkt=80 fctuid="F4F3263AEBE54777A6509A8FCCDF9284" unauthuser="keithli" unauthusersource="forticlient" appcat="unscanned" mastersrcmac="24:b6:fd:fa:54:c1" srcmac="24:b6:fd:fa:54:c1" srcserver=0 dstosname="Windows" dstswversion="10" masterdstmac="52:54:00:e3:4c:1a" dstmac="52:54:00:e3:4c:1a" dstserver=0
Access denied:
# diagnose endpoint lls-comm send ztna find-ip-vdom 192.168.40.8 root
UID: F4F3263AEBE54777A6509A8FCCDF9284
        status code:ok
        Domain:
        User: keithli
        Cert SN:563DA313367608678A3633E93C574F6F8BCB4A95
        EMS SN: FCTEMS0000109188
        Routes(1):
         - route[0]: IP=192.168.40.8, VDom=root
        Tags(3):
         - tag[0]: name=Malicious-File-Detected
         - tag[1]: name=all_registered_clients
         - tag[2]: name=Low
# diagnose firewall dynamic list
List all dynamic addresses:
FCTEMS0000109188_all_registered_clients: ID(51)
        ADDR(172.17.194.209)
        ADDR(192.168.40.8)
…
FCTEMS0000109188_Low: ID(78)
        ADDR(172.17.194.209)
        ADDR(192.168.40.8)
…
FCTEMS0000109188_Malicious-File-Detected: ID(190)
        ADDR(172.17.194.209)
        ADDR(192.168.40.8)
…
# diagnose test application fcnacd 7
ZTNA Cache:
-uid F4F3263AEBE54777A6509A8FCCDF9284: { "user_name": "keithli", "client_cert_sn": "563DA313367608678A3633E93C574F6F8BCB4A95", "gateway_route_list": [ { "gateway_info": { "fgt_sn": "FGVM04TM21000144", "interface": "default.35", "vdom": "root" }, "route_info": [ { "ip": "192.168.40.8", "mac": "24-b6-fd-fa-54-c1", "route_type": "direct" } ] } ], "ems_sn": "FCTEMS0000109188", "tags": [ "Malicious-File-Detected", "all_registered_clients", "Low" ] }
# execute log display
49 logs found.
10 logs returned.
3.5% of logs has been searched.

11: date=2021-03-28 time=23:14:41 eventtime=1616998481409744928 tz="-0700" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=192.168.40.8 srcname="Fortinet-KeithL" srcport=51140 srcintf="default.35" srcintfrole="undefined" dstip=192.168.20.6 dstport=443 dstintf="port3" dstintfrole="undefined" srcuuid="5445be2e-5d7b-51ea-e2c3-ae6b7855c52f" dstuuid="5445be2e-5d7b-51ea-e2c3-ae6b7855c52f" srccountry="Reserved" dstcountry="Reserved" sessionid=162808 proto=6 action="deny" policyid=29 policytype="policy" poluuid="2835666c-9034-51eb-135d-2f56e5f0f7a2" policyname="block-internal-malicious-access" service="HTTPS" trandisp="noop" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 fctuid="F4F3263AEBE54777A6509A8FCCDF9284" unauthuser="keithli" unauthusersource="forticlient" appcat="unscanned" crscore=30 craction=131072 crlevel="high" mastersrcmac="24:b6:fd:fa:54:c1" srcmac="24:b6:fd:fa:54:c1" srcserver=0
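As an added illustration (not code from Fortinet or from this guide), the Python below models how the FortiGate evaluates the two policies from the CLI section in sequence against the per-tag membership that diagnose firewall dynamic list reports, and parses the key=value traffic log lines from the Logs and debugs section. It makes the ordering point visible: the denied endpoint in the Tags(3) output above still carries the Low tag, so the deny policy (29) must sit before the allow policy (30) or the host would be accepted. The ZTNA cache lines, the second endpoint (all-zero UID, 192.168.40.9) and the abridged log line are constructed samples.

```python
import json
import re

# Constructed sample in the shape of the "diagnose test application fcnacd 7"
# ZTNA cache on this page. The all-zero UID / 192.168.40.9 endpoint is made up.
ZTNA_CACHE = [
    '-uid F4F3263AEBE54777A6509A8FCCDF9284: {"ems_sn": "FCTEMS0000109188", '
    '"tags": ["Malicious-File-Detected", "all_registered_clients", "Low"], '
    '"gateway_route_list": [{"route_info": [{"ip": "192.168.40.8"}]}]}',
    '-uid 00000000000000000000000000000000: {"ems_sn": "FCTEMS0000109188", '
    '"tags": ["all_registered_clients", "Low"], '
    '"gateway_route_list": [{"route_info": [{"ip": "192.168.40.9"}]}]}',
]

# The two policies from the CLI section, in the order the FortiGate evaluates
# them (policy 29 before policy 30). A policy without "set action" is a deny.
POLICIES = [
    {"id": 29, "name": "block-internal-malicious-access", "action": "deny",
     "ztna_ems_tag": "FCTEMS0000109188_Malicious-File-Detected"},
    {"id": 30, "name": "allow-internal-access", "action": "accept",
     "ztna_ems_tag": "FCTEMS0000109188_Low"},
]

# Abridged copy of the denied-session log line from "Logs and debugs".
DENY_LOG = ('date=2021-03-28 time=23:14:41 type="traffic" srcip=192.168.40.8 '
            'dstip=192.168.20.6 dstport=443 action="deny" policyid=29 '
            'policyname="block-internal-malicious-access" crlevel="high"')


def dynamic_addresses(cache_lines):
    """Rebuild the "diagnose firewall dynamic list" view: for each
    <EMS-SN>_<tag> dynamic address, the set of endpoint IPs carrying the tag."""
    addrs = {}
    for line in cache_lines:
        entry = json.loads(line.split(": ", 1)[1])  # drop the "-uid ...:" prefix
        ips = {r["ip"] for g in entry["gateway_route_list"] for r in g["route_info"]}
        for tag in entry["tags"]:
            addrs.setdefault(f'{entry["ems_sn"]}_{tag}', set()).update(ips)
    return addrs


def match_policy(src_ip, policies, addrs):
    """First-match lookup: the first policy whose ztna-ems-tag address contains
    src_ip wins; no match falls through to the implicit deny (None)."""
    for pol in policies:
        if src_ip in addrs.get(pol["ztna_ems_tag"], set()):
            return pol
    return None


_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_traffic_log(line):
    """Split a FortiGate key=value log line; values may be quoted or bare."""
    return {k: q if bare == "" else bare for k, q, bare in _KV.findall(line)}


if __name__ == "__main__":
    addrs = dynamic_addresses(ZTNA_CACHE)
    for ip in ("192.168.40.8", "192.168.40.9", "10.0.0.1"):
        hit = match_policy(ip, POLICIES, addrs)
        print(ip, "->", f'policy {hit["id"]} {hit["action"]}' if hit else "implicit deny")
    # With the order reversed the tagged host is accepted, because it still has "Low".
    print("reversed order:", match_policy("192.168.40.8", POLICIES[::-1], addrs)["name"])
    print("logged action:", parse_traffic_log(DENY_LOG)["action"])
```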
