dave2318
New Member
January 2, 2016
Question

View IPS Quarantined IPs and why doesn't block work?


Hi All,

We have 2 x FortiGate 300Cs in Active/Passive running 5.2.4.

We are currently being battered by thousands of SQL injection attempts. Most seem to be being blocked by the IPS rules I have set, but our webserver log IS showing SQL injection attempts! Any idea why?

For now I have changed the "Block ALL" option to "Quarantine for 1 hour" and that seems to have stopped it for a bit!

How do I view a list of quarantined IPs?

Thanks in advance.

Dave

    1 reply

    razor
    Visitor III
    January 25, 2016

    I have the same Q. Maybe there is a Fortinet tech guy who is able to answer this question? :)

    Ralph1973
    New Member
    January 25, 2016

    Hi, have you

    - configured the correct IPS sensor
    - put that sensor in the policy that is used?

    Is the traffic coming from the internet or from the inside (also possible)?

    Configure the extended IPS database (temporarily):

    config ips global
        set database extended
    end

    and make sure that the sensor has all signatures needed.

    Hope this helps.

    P.S. The quarantined IPs are listed under User, Monitor.

    Kind regards,

    Ralph Willemsen

    Arnhem, Netherlands