Is it possible to create a script that checks IP addresses that try to log in with SSL-VPN but fail because it's an attack, but at the same time checks every IP address against a whitelist for a few people who are always allowed to log in?
I have tried many scripts with the help of ChatGPT, but it just won't work. My last script is:
# Create temp address object to check against whitelist
config firewall address
edit "SSLVPN-Check-%%log.remip%%"
set subnet %%log.remip%%/32
next
end
# Check if address is in whitelist
# (a CLI script action has no if/else: the grep only prints output, every block
# below still runs, and the temp object is never a member of SSL_VPN_Allow_IP,
# so this grep cannot match in the first place)
config firewall addrgrp
edit "SSL_VPN_Allow_IP"
show | grep "SSLVPN-Check-%%log.remip%%"
next
end
# If address is in whitelist then remove address object
config firewall address
delete "SSLVPN-Check-%%log.remip%%"
end
# If IP address is not in whitelist then create block object
config firewall address
rename "SSLVPN-Check-%%log.remip%%" to "SSLVPN-Block-%%log.remip%%"
edit "SSLVPN-Block-%%log.remip%%"
set color 6
next
end
# Append block object to blocklist-group
config firewall addrgrp
edit "VPN_Failed_Login_12"
append member "SSLVPN-Block-%%log.remip%%"
next
end
Anyone able to help me get this working?
Regards, Olav
Looks like this isn't possible with a script? In what way is it then possible to block attacks and let whitelisted IPs through?
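The reason the posted script cannot work is that a FortiOS CLI script action runs every line unconditionally; there is no if/else, so the whitelist decision has to be made somewhere that can branch. The example below is an added illustration, not code from the post or from Fortinet: it shows the decision logic that an external script (for instance one called by a webhook action of the stitch, or one that polls the event log) would run before pushing the block commands. It parses constructed sample lines in the key=value form FortiOS event logs use (the field names action, remip and user and the values shown are assumptions for the sample), skips whitelisted sources and malformed fields, and for everything else emits the same CLI the post already uses (SSLVPN-Block-<ip> objects appended to the VPN_Failed_Login_12 group).

```python
"""Whitelist-aware planner for SSL-VPN failed-login blocks (added example, not from the post)."""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed sample: the "always allowed" sources, as CIDR so whole offices can be listed.
WHITELIST = ["203.0.113.10/32", "198.51.100.0/24"]

# Constructed sample event-log lines in FortiOS key=value style; values are made up,
# and the assumption is that failed SSL-VPN logins carry action="ssl-login-fail".
SAMPLE_LOGS = [
    'date=2025-01-10 time=08:01:02 logid="0101039426" type="event" subtype="vpn" '
    'action="ssl-login-fail" remip=192.0.2.55 user="admin" reason="sslvpn_login_permission_denied"',
    'date=2025-01-10 time=08:01:05 logid="0101039426" type="event" subtype="vpn" '
    'action="ssl-login-fail" remip=203.0.113.10 user="olav" reason="sslvpn_login_permission_denied"',
    'date=2025-01-10 time=08:01:09 logid="0101039426" type="event" subtype="vpn" '
    'action="ssl-login-fail" remip=192.0.2.55 user="root" reason="sslvpn_login_permission_denied"',
    'date=2025-01-10 time=08:02:00 logid="0101039424" type="event" subtype="vpn" '
    'action="tunnel-up" remip=198.51.100.7 user="anna"',
    'date=2025-01-10 time=08:02:30 logid="0101039426" type="event" subtype="vpn" '
    'action="ssl-login-fail" remip=198.51.100.7 user="anna"',
    'date=2025-01-10 time=08:03:00 logid="0101039426" type="event" subtype="vpn" '
    'action="ssl-login-fail" remip=not-an-ip user="x"',
]

# key=value pairs, value either "quoted with spaces" or a bare token
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_log(line: str) -> Dict[str, str]:
    """Split one FortiOS-style key=value line into a dict."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in KV_RE.finditer(line)}


def is_whitelisted(ip: str, whitelist: List[str]) -> bool:
    """True if ip falls inside any whitelist prefix (v4/v6 mismatches are simply False)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in whitelist)


def plan_blocks(lines: List[str], whitelist: List[str],
                fail_action: str = "ssl-login-fail") -> Tuple[List[str], List[str]]:
    """Return (to_block, exempt): remips of failed logins, de-duplicated in first-seen order.

    to_block holds sources outside the whitelist; exempt holds whitelisted sources that
    failed (worth alerting on, never blocked). Non-failure events and unparsable remip
    values are dropped so nothing untrusted is ever interpolated into a CLI command.
    """
    to_block: List[str] = []
    exempt: List[str] = []
    for line in lines:
        rec = parse_log(line)
        if rec.get("action") != fail_action:
            continue
        ip = rec.get("remip", "")
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        bucket = exempt if is_whitelisted(ip, whitelist) else to_block
        if ip not in bucket:
            bucket.append(ip)
    return to_block, exempt


def render_cli(ip: str, group: str = "VPN_Failed_Login_12") -> str:
    """Emit the FortiOS CLI from the post for one IP that failed the whitelist check."""
    name = f"SSLVPN-Block-{ip}"
    return "\n".join([
        "config firewall address",
        f'    edit "{name}"',
        f"        set subnet {ip}/32",
        "    next",
        "end",
        "config firewall addrgrp",
        f'    edit "{group}"',
        f'        append member "{name}"',
        "    next",
        "end",
    ])


if __name__ == "__main__":
    block, exempt = plan_blocks(SAMPLE_LOGS, WHITELIST)
    for ip in exempt:
        print(f"# {ip} failed to log in but is whitelisted; not blocking")
    for ip in block:
        print(render_cli(ip))
```

With the sample above only 192.0.2.55 is rendered into CLI; 203.0.113.10 and 198.51.100.7 both had failed logins but sit inside the whitelist, and the tunnel-up line and the malformed remip are ignored. Whatever pushes the rendered commands to the FortiGate (SSH, the REST API, or pasting into the console) is outside this example.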
Copyright 2025 Fortinet, Inc. All Rights Reserved.