delciomangueira
New Member
November 20, 2022
Question

How to block hosts using FortiGate and Cisco switches?

  • November 20, 2022
  • 2 replies
  • 1280 views

Hi guys, I have traffic going through a FortiGate. For the endpoints that violate the policies defined in the security profiles, I use the IP block when the event is not remedied. Since the IP is on layer 3 and my switches are not Fortinet, whenever the host that is blocked by the IP BAN action changes floor and acquires another one, I get the alerts again: same host and different IP.

What is the best alternative to use to mitigate this scenario?
My switches are Cisco.

2 replies

VinayHM
Staff
November 21, 2022

Try using MAC-based blocking (Layer 2).
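
A sketch of the MAC-based approach suggested above, as an added example that is not part of the original reply: it resolves each layer-3 alert to the MAC that held the IP at that time using DHCP lease records, so the same host is recognised across IP changes, then builds Cisco IOS static MAC drop entries. The lease and alert records, the VLAN IDs and all function names are constructed for illustration.

```python
from datetime import datetime

# Constructed sample data (not real FortiGate or DHCP server output).
# DHCP leases: (mac, ip, lease_start, lease_end)
LEASES = [
    ("aa:bb:cc:00:11:22", "10.1.10.57", "2022-11-20 08:00", "2022-11-20 12:00"),
    ("aa:bb:cc:00:11:22", "10.1.20.93", "2022-11-20 12:30", "2022-11-20 18:00"),
    ("aa:bb:cc:00:33:44", "10.1.10.57", "2022-11-20 13:00", "2022-11-20 18:00"),
]
# Security-profile violations as seen at layer 3: (timestamp, source_ip)
ALERTS = [
    ("2022-11-20 09:15", "10.1.10.57"),
    ("2022-11-20 14:02", "10.1.20.93"),
    ("2022-11-20 15:00", "10.1.30.8"),   # no matching lease: stays unresolved
]

def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

def mac_for(ip, when, leases=LEASES):
    """Return the MAC that held `ip` at time `when`, or None if no lease matches."""
    t = _ts(when)
    for mac, lease_ip, start, end in leases:
        if lease_ip == ip and _ts(start) <= t <= _ts(end):
            return mac
    return None

def group_alerts_by_mac(alerts=ALERTS, leases=LEASES):
    """Map MAC -> IPs it alerted from; alerts with no lease are grouped under None."""
    hosts = {}
    for when, ip in alerts:
        hosts.setdefault(mac_for(ip, when, leases), []).append(ip)
    return hosts

def cisco_mac(mac):
    """aa:bb:cc:00:11:22 -> aabb.cc00.1122 (Cisco dotted notation)."""
    h = mac.replace(":", "").replace("-", "").lower()
    return ".".join(h[i:i + 4] for i in (0, 4, 8))

def drop_commands(hosts, vlans):
    """Build IOS static MAC drop entries for every resolved MAC, per VLAN."""
    return [f"mac address-table static {cisco_mac(m)} vlan {v} drop"
            for m in sorted(k for k in hosts if k) for v in vlans]

if __name__ == "__main__":
    hosts = group_alerts_by_mac()
    for mac, ips in hosts.items():
        print(mac or "unresolved", "->", ips)
    print("\n".join(drop_commands(hosts, vlans=[10, 20])))  # VLAN IDs assumed
```

The lookup has to be time-aware because a released IP can be leased to a different host, as the third lease shows: an IP ban left on 10.1.10.57 would then hit the wrong endpoint.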

 

ebilcari
Staff
November 21, 2022

A good solution could be the integration with FortiNAC. You can have the full visibility that FortiNAC gives for the network and integrate that with FortiGate via FSSO. FortiNAC supports a large range of switches from different vendors, including Cisco switches.

Take a look at this integration guide: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/81bd8eff-3eff-11ea-9384-00505692583a/FortiNAC_Security_Fabric_Integration_Guide.pdf

Emirjon