FortiGate 80F: create script to block attacks and check IP address against whitelist
Is it possible to create a script that checks IP addresses that try to log in with SSL-VPN but fail because it's an attack, but at the same time checks every IP address against a whitelist for a few people who are always allowed to log in?
I have tried many scripts with the help of ChatGPT, but it just won't work. My last script is:
# Create temp address object for the source IP of the failed login
# (%%log.remip%% is the automation-stitch placeholder for the log's remip field)
config firewall address
edit "SSLVPN-Check-%%log.remip%%"
set subnet %%log.remip%%/32
next
end
# Check if address is in whitelist
# NOTE: "show | grep" only prints matching lines; a FortiOS CLI script runs
# every following line unconditionally, so this cannot branch on the result.
config firewall addrgrp
edit "SSL_VPN_Allow_IP"
show | grep "SSLVPN-Check-%%log.remip%%"
next
end
# If address is in whitelist then remove address object
# NOTE: this delete always runs, so the rename below then fails because
# the object no longer exists.
config firewall address
delete "SSLVPN-Check-%%log.remip%%"
end
# If IP address is not in whitelist then create block object
config firewall address
rename "SSLVPN-Check-%%log.remip%%" to "SSLVPN-Block-%%log.remip%%"
edit "SSLVPN-Block-%%log.remip%%"
set color 6
next
end
# Append block object to blocklist-group
config firewall addrgrp
edit "VPN_Failed_Login_12"
append member "SSLVPN-Block-%%log.remip%%"
next
end
Is anyone able to help me get this working?
Regards, Olav
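Added example, not part of the original post: because a FortiOS CLI script has no if/else and `show | grep` cannot make later lines conditional, the whitelist decision has to be made outside the CLI script. The Python below does that decision step for the flow Olav describes: it parses failed SSL-VPN logins from FortiGate key=value log lines, drops any source that falls inside the whitelist (including whole subnets, which a FortiGate address group may contain), and emits the FortiOS CLI that creates the `SSLVPN-Block-<ip>` objects and appends them to `VPN_Failed_Login_12`. The log lines, the whitelist entries, the failure threshold and the function names are assumptions; the group names come from the post. How you feed real logs in (syslog, FortiAnalyzer export, or the automation stitch's webhook action) and how you push the output back (SSH or the REST API) is left to the reader.

```python
"""Whitelist-aware SSL-VPN block-list builder (added example, not the poster's code).

Assumptions: log lines are FortiGate-style key=value records with an
action="ssl-login-fail" field and a remip= field; the whitelist is the member
list of the SSL_VPN_Allow_IP group written as CIDRs. Sample data is constructed.
"""
import ipaddress
import re
from collections import Counter

FAIL_ACTION = "ssl-login-fail"
# remip may or may not be quoted; accept IPv4 and IPv6 characters only
REMIP_RE = re.compile(r'\bremip=("?)([0-9a-fA-F:.]+)\1')

# Constructed sample log lines (not real FortiGate output)
SAMPLE_LOGS = """\
date=2024-05-01 time=10:00:01 type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.10 user="admin"
date=2024-05-01 time=10:00:02 type="event" subtype="vpn" action="ssl-login-fail" remip=198.51.100.7 user="olav"
date=2024-05-01 time=10:00:03 type="event" subtype="vpn" action="ssl-login-fail" remip=203.0.113.10 user="root"
date=2024-05-01 time=10:00:04 type="event" subtype="vpn" action="ssl-login" remip=192.0.2.44 user="bob"
date=2024-05-01 time=10:00:05 type="event" subtype="vpn" action="ssl-login-fail" remip=192.0.2.44 user="bob"
date=2024-05-01 time=10:00:06 type="event" subtype="vpn" action="ssl-login-fail" remip=999.1.1.1 user="x"
"""

# Assumed members of SSL_VPN_Allow_IP: one host and one office subnet
WHITELIST = ["198.51.100.7/32", "192.0.2.0/24"]


def parse_failed_logins(log_text):
    """Count SSL-VPN login failures per source IP; malformed remip values are skipped."""
    counts = Counter()
    for line in log_text.splitlines():
        if f'action="{FAIL_ACTION}"' not in line:
            continue
        m = REMIP_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # e.g. 999.1.1.1: not a valid address, ignore the line
        counts[str(ip)] += 1
    return dict(counts)


def load_whitelist(entries):
    """Turn CIDR strings into network objects (strict=False tolerates host bits set)."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def is_whitelisted(ip, networks):
    """True if ip lies inside any whitelisted network of the same IP version."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == net.version and addr in net for net in networks)


def decide_blocks(counts, networks, threshold=1):
    """Sources with at least `threshold` failures that are not whitelisted (threshold is an assumption)."""
    hits = [ip for ip, n in counts.items() if n >= threshold and not is_whitelisted(ip, networks)]
    return sorted(hits, key=lambda s: (ipaddress.ip_address(s).version, int(ipaddress.ip_address(s))))


def render_block_script(ips, group="VPN_Failed_Login_12"):
    """Emit FortiOS CLI that creates SSLVPN-Block-<ip> objects and appends them to `group`.

    Only IPv4 is rendered: FortiOS keeps IPv6 objects in 'firewall address6', so
    IPv6 sources are skipped rather than written into the wrong table.
    """
    v4 = [ip for ip in ips if ipaddress.ip_address(ip).version == 4]
    if not v4:
        return ""
    lines = ["config firewall address"]
    for ip in v4:
        lines += [f'    edit "SSLVPN-Block-{ip}"',
                  f"        set subnet {ip} 255.255.255.255",
                  "        set color 6",
                  "    next"]
    lines += ["end", "config firewall addrgrp", f'    edit "{group}"']
    for ip in v4:
        lines.append(f'        append member "SSLVPN-Block-{ip}"')
    lines += ["    next", "end"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    nets = load_whitelist(WHITELIST)
    to_block = decide_blocks(parse_failed_logins(SAMPLE_LOGS), nets)
    print(render_block_script(to_block), end="")
```

Run as-is it prints the CLI for 203.0.113.10 only: 198.51.100.7 and 192.0.2.44 failed a login but are covered by the whitelist, and the 999.1.1.1 line is discarded as malformed. Raising `threshold` turns the same code into a "N failures before blocking" rule, which is usually what you want in production so a single mistyped password from an unknown IP does not lock out a legitimate user.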