do you have Airwave or Aruba Central?
if not then I suggest to add a access policy rule for the user role to deny and log based on your criteria
and then check the logs to get the list or even better send the logs to your syslog.
![](https://higherlogicdownload.s3.amazonaws.com/HPE/MessageImages/bf4672714ce241e4b8449ce39454e3d1.png)
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
------------------------------
Original Message:
Sent: Dec 05, 2022 05:18 PM
From: Steve Massey
Subject: How can I track down clients are visiting websites that are Moderate Risk, Suspicious or High Risk?
I have an AP-515 network with 20 AP's. I'd like to track down the clients that are populating Applications > Visibility > Websites > Moderate Risk, Suspicious or High Risk? My network traffic is routing out of a FortiGate that is flagging the traffic as malicious but the IP address shows that it's coming from the AP IP address. I'm assuming the AP is NATTING the client traffic. Any suggestions would be greatly appreciated!