Blocking a List of static Ip Addresses

Forum|Forum|10 years ago
February 24, 2016
1 reply
18095 views

Hi All,

Please someone help me to block a range of Ip addresses for http and https . The ip range is 192.168.64.95 to 192.168.64.140. Am using a Fortigate 100 D

Can I get the steps with you to do it .

Thanks in advance .

ede_pfau

SuperUser

1- create an address object, say "bl_rng_1", as address 192.168.64.[95-140]

2- create an address group, say "blocked_nets", and add "bl_rng_1"

3- if not present, create a policy for HTTP and HTTPS only, from 'internal' to 'wan', put "blocked_nets" as destination address, select action "DENY".

For just one address you strictly speaking would not need an address group. But if you can block one address, there will come another tomorrow,...just create an address object and add it to the group. No fiddling with the policy in the future.

Marco_BrokerAuthor

New Member

Hi Broth ,is work ,thank.Please could help for another setup .

My Boss ask me to block all website except www.mcb.mu is permitted on ip 192.168.200/24.

I have tried to follow the whitelist setup in the library but unfortunately it does"t work

The fortigate model is a 100D

Version 5.2

Please help if you can thanks in advance .

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded