Policy to qurantine ips

Forum|Forum|4 years ago
January 27, 2022
1 reply
1237 views

I want to be able to automatically quaratine ips that will try to use services that are not open from outside, for example telnet or smb.
Now there are no policies to allow such traffic, so they get blocked by policy number 0.
Is it possible to automatically quaratine those that will try for example telnet? And how?

FortiGate

AlexC-FTNT

Staff

It doesn't make much sense to quarantine it, if it is already blocked by default. It doesn't make any difference for an automated attack - it will scan the IP/ports and only react if open.

But yes, you can do it with a DoS policy. First need to set the action to block.
A low threshold can be used (under 20) but do not expect a precise count to trigger it, since the counting is not done with regular counters.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-DoS-protection-s-quarantine/ta-p/192590

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded