Technical Tip: How to Quarantine / ban a Source IP for Anti Virus
| Description | This article describes how to Quarantine/ban a Source IP for Anti Virus. |
| Scope | FortiGate |
| Solution | Configure the AntiVirus security profile to add the source IP of an infected file or malware sender to the quarantine or list of banned source IP addresses in the CLI
# config antivirus profile # edit <name of profile> # config nac-quar # set infected quar-src-ip # set expiry 5m # end
This variable (quar-src-ip) determines for how long the source IP address will be blocked.
In the CLI the option is called expiry. The maximum day's value is 364. The maximum hour value is 23 and the maximum minute value is 59. The default is 5 minutes.
CLI: https://docs.fortinet.com/document/fortigate/6.0.0/cli-reference/805277/antivirus-profile |