FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Not applicable
Article Id 197727
DescriptionHow to block an IP address.
  • All FortiGate units
Steps or Commands

To block an IP address, create an address entry and create a firewall policy to block the address.

Add an Address

To add an address entry

  1. Go to Firewall> Address.
  2. Select Create New.
  3. Enter a name for the address.
  4. Enter the IP address and subnet.

Note that if you are blocking an internal IP address, set the netmask to, or /32. Otherwise you could block the entire subnet.

Add a Firewall Policy

To add a firewall policy

  1. Go to Firewall> Policy.
  2. Select Create new.
  3. Configure the firewall policy as required. For the Source and/or Destination address, select the address name added above.
  4. Set the Action to Deny.
  5. Move the firewall policy to the top of the policy list.