FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mzainuddinahm
Article Id 208037
Description This article describes how to Quarantine/ban a Source IP for Anti Virus.
Scope

FortiGate

Solution

Configure the AntiVirus security profile to add the source IP of an infected file or malware sender to the quarantine or list of banned source IP addresses in the CLI

 

# config antivirus profile

# edit <name of profile>

# config nac-quar

# set infected quar-src-ip

# set expiry 5m

# end

 

This variable (quar-src-ip) determines for how long the source IP address will be blocked.

 

In the CLI the option is called expiry.

The maximum day's value is 364.

The maximum hour value is 23 and the maximum minute value is 59.

The default is 5 minutes.

 

CLI: https://docs.fortinet.com/document/fortigate/6.0.0/cli-reference/805277/antivirus-profile

Contributors