FortiGate.

To block an IP address, create an address entry and create a firewall policy to block the address.

Create an Address Object.

1. Go to Policy & Objects -> Addresses.
2. Select Create New.
3. Enter a name for the address.
4. Enter the IP address and subnet.

Note that if blocking an internal IP address, set the netmask to 255.255.255.255, or /32. Otherwise, it could block the entire subnet.

CLI commands:

config firewall address
    edit "Block-IP"

        set subnet 172.16.1.30 255.255.255.255    

    next
end

Create a Firewall Policy.

1. Go to Policy & Objects -> Firewall Policy.
2. Select Create new.
3. Configure the firewall policy as required. For the Source and/or Destination address, select the address name added above.
4. Set the Action to Deny.
5. Move the firewall policy to the top of the policy list.

Creating policy from CLI commands: 

config firewall policy
    edit 4
        set name "Block-suspicious"
        set uuid 0b8cc866-be3d-51f0-a5e7-b794776370ae
        set srcintf "port1"          <----- Source interface.
        set dstintf "port2"          <----- Destination interface.
        set srcaddr "Block-IP"       <----- Source address.
        set dstaddr "all"            <----- Destination interface.
        set schedule "always"        <----- Active all the time.
        set service "ALL"            <----- Services.

        set action deny              <----- Action to deny logs.
        set logtraffic disable
    next
end