Skip to main content
MegaSistemas
MegaSistemas
New Member
August 14, 2018
Solved

automatic intrusion ip block

  • August 14, 2018
  • 2 replies
  • 15705 views

Hello guys

 

I noticed that a certain ip tried to invade a web server and IPS dropped that attempt, but soon after that same ip tried several more times. Is there a way to configure FGT to automatically block this ip for minutes or hours, so you can not keep trying every second? or that it is inserted into a blacklist?

    Best answer by darwin_FTNT

    See the following and enable IPS utm profile quarantine feature:

     

    https://forum.fortinet.com/tm.aspx?m=151871

     

    Quarantine list is maintained by kernel and is more efficient in cpu usage in terms of blocking quarantined client connections.

     

    2 replies

    darwin_FTNT
    Staff
    darwin_FTNTAnswer
    Staff
    August 15, 2018

    See the following and enable IPS utm profile quarantine feature:

     

    https://forum.fortinet.com/tm.aspx?m=151871

     

    Quarantine list is maintained by kernel and is more efficient in cpu usage in terms of blocking quarantined client connections.

     

    Bruno_Pereira
    Bruno_Pereira
    New Member
    August 15, 2018

    Hello,

     

    it's possibilite with quarantine, you can set the time.You can then check the blocked IPs on monitor> quarantine monitor.

     

     

     

     

    Terms & ConditionsAccessibility statement