Monitoring banned users

The Banned User list shows all IP addresses and interfaces blocked by NAC quarantine. The list also shows all IP addresses, authenticated users, senders, and interfaces blocked by Data Leak Prevention (DLP). The system administrator can selectively release users or interfaces from quarantine or configure quarantine to expire after a selected time period.

All sessions started by users or IP addresses on the Banned User list are blocked until the user or IP address is removed from the list. All sessions to an interface on the list are blocked until the interface is removed from the list.

• Users or IP addresses that originate attacks detected by IPS - To quarantine users or IP addresses that originate attacks, enable and configure Quarantine Attackers in an IPS Sensor Filter.

• IP addresses or interfaces that send viruses detected by virus scanning - To quarantine IP addresses that send viruses or interfaces that accept traffic containing a virus, enable Quarantine Virus Sender in an antivirus profile.


Banned User page Lists all banned users.
Page Controls		Use to navigate through the list.
Clear		Removes all users and IP addresses from the Banned User list.
#		The position number of the user or IP address in the list.
Ban key		The Ban key.
Application Protocol		The protocol that was used by the user or IP address added to the Banned User list.
Cause or rule		The Fortinet function that caused the user or IP address to be added to the Banned User list. Cause or rule can be IPS, Antivirus, or Data Leak Prevention.
Created		The date and time the user or IP address was added to the Banned User list.
Expires		The date and time the user or IP address will be automatically removed from the Banned User list. If Expires is Indefinite, you must manually remove the user or host from the list.
Delete		Removes the selected user or IP address from the Banned User list.