Monitoring banned users
The Banned User list shows all IP addresses and interfaces blocked by NAC quarantine. The list also shows all IP addresses, authenticated users, senders, and interfaces blocked by Data Leak Prevention (DLP). The system administrator can selectively release users or interfaces from quarantine or configure quarantine to expire after a selected time period.
All sessions started by users or IP addresses on the Banned User list are blocked until the user or IP address is removed from the list. All sessions to an interface on the list are blocked until the interface is removed from the list.
You can configure NAC quarantine to add users or IP addresses to the Banned User list under the following conditions:
Users or IP addresses that originate attacks detected by IPS - To quarantine users or IP addresses that originate attacks, enable and configure Quarantine Attackers in an IPS Filter.
IP addresses or interfaces that send viruses detected by virus scanning - To quarantine IP addresses that send viruses or interfaces that accept traffic containing a virus, enable Quarantine Virus Sender in an antivirus profile.
Users or IP addresses that are banned or quarantined by Data Leak Prevention - In a DLP sensor, select Quarantine IP Address as the action to take.
For more information, see the UTM chapter of the FortiOS Handbook.
To view banned users, go to User & Device > Monitor > Banned User.
Banned User page
Lists all banned users.
Delete - Removes the selected user or IP address from the Banned User list.
Remove All - Removes all users and IP addresses from the Banned User list.
Search - Search the list for a particular IP address.
Source - The FortiGate function that caused the user or IP address to be added to the Banned User list: IPS, Antivirus, or Data Leak Prevention.
Created - The date and time the user or IP address was added to the Banned User list.
Expires - The date and time the user or IP address will be automatically removed from the Banned User list. If Expires is Indefinite, you must manually remove the user or host from the list.