Block an intruders Static IP range from all access

Hi Anyone, 

New to the forum here, but worth a shot.  Need some advise on the best way to block a static IP range from all incoming access. Suspect IP's are trying to ssh in continuously, so i want to block his whole subnet from all activity.  I'm used to ClearOS where you could literally blacklist IP's and that would stop DDOS and all other access from those intruders.

What is the cleanest/easiest way to do this on Fortigate?  I've thought about changing the default ssh port to something other than 22, and increasing the block timeout to like 10 mins after 3 failed logins, but he's still persisting.

I'd prefer to have his IP range completed blocked on the fortigate so he cannot get any form of access on any port into my device.

Appreciate the suggestions.