Which FortiGate setting helps prevent the risk of unauthorized device access?

Active authentication is a FortiGate setting designed to enhance security by validating the identity of devices attempting to access the network. This process ensures that only authorized users can connect to the system, thereby preventing unauthorized device access. Active authentication methods can include various forms of user credentials, such as usernames and passwords, digital certificates, or other validation methods that verify the identity before granting access.

VLAN tagging primarily relates to network segmentation rather than directly preventing unauthorized access. It helps in organizing and managing traffic among different virtual networks but does not validate the identity of users or devices.

IPsec encryption secures data in transit by establishing encrypted tunnels between devices or networks. While this is crucial for protecting data from interception, it does not directly address the need for identifying or authorizing devices before they join the network.

Firewall policy restriction focuses on controlling incoming and outgoing traffic based on predetermined security rules. While effective in managing traffic flow, it does not inherently assess whether a device is authorized, making it less effective as a standalone approach to prevent unauthorized access compared to active authentication.

Therefore, active authentication stands out as the most appropriate setting for preventing unauthorized device access.