Created on 03-03-2015 05:15 PM Edited on 06-08-2022 02:15 PM By Anonymous
A user or IP address can be quarantined and added to the Banned User list because of DLP, IPS, AV, or DoS.
All sessions started by users or IP addresses on the Banned User list are blocked until the user or IP address is removed from the list or the entry reaches its expiry.
In FortiOS 5.0, use the command "get user ban list" to see the Banned User list.
Viewing the Banned User List in FortiOS 5.2
In FortiOS 5.2, use the following command to see the Banned User list.
FGT# diagnose firewall ip_host list
The sample output looks like this.
FGT# diagnose firewall ip_host list
src-ip-addr created expires cause
Wed Mar 4 15:22:24 2015 Wed Mar 4 15:24:24 2015 DLP
Wed Mar 4 15:23:23 2015 Wed Mar 4 16:23:23 2015 IPS
Explanation of each field
src-ip-addr: The IP address of the quarantined user.
created: The time that the IP address was added to the list.
expires: The time at which the entry expires and is removed from the list.
cause: The reason that this IP address was added to the Banned User list.
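The fields above can be parsed for reporting, for example to compute each ban's duration and to count active bans per cause. The following is an added example, not part of the original article or of FortiOS; it assumes whitespace-separated columns with the IP address first, and the addresses in the sample are constructed placeholders.

```python
import ipaddress
from collections import Counter
from datetime import datetime

# Constructed sample in the layout shown above; the addresses are
# documentation-range placeholders, not values from the original article.
SAMPLE = """\
src-ip-addr created expires cause
192.0.2.10 Wed Mar 4 15:22:24 2015 Wed Mar 4 15:24:24 2015 DLP
2001:db8::5 Wed Mar 4 15:23:23 2015 Wed Mar 4 16:23:23 2015 IPS
"""

TS_FORMAT = "%b %d %H:%M:%S %Y"  # weekday token is dropped before parsing


def parse_ban_list(text):
    """Return (entries, skipped) parsed from ip_host list output."""
    entries, skipped = [], []
    for line in text.splitlines():
        tok = line.split()
        # Skip blank lines, the column header, and an echoed "FGT#" prompt.
        if not tok or tok[0] == "src-ip-addr" or tok[0].startswith("FGT"):
            continue
        try:
            if len(tok) != 12:  # ip + 5 date tokens + 5 date tokens + cause
                raise ValueError("unexpected column count")
            created = datetime.strptime(" ".join(tok[2:6]), TS_FORMAT)
            expires = datetime.strptime(" ".join(tok[7:11]), TS_FORMAT)
            entries.append({
                "ip": ipaddress.ip_address(tok[0]),  # accepts IPv4 and IPv6
                "created": created,
                "expires": expires,
                "ban_seconds": int((expires - created).total_seconds()),
                "cause": tok[11].upper(),
            })
        except ValueError:
            skipped.append(line)  # keep for manual review, never guess
    return entries, skipped


def summarize(entries, now):
    """Count active bans per cause and list those expiring within 5 minutes."""
    active = [e for e in entries if e["expires"] > now]
    soon = [str(e["ip"]) for e in active
            if (e["expires"] - now).total_seconds() <= 300]
    return Counter(e["cause"] for e in active), soon
```

Lines that do not match the expected layout are returned in the skipped list, so a change in output format between FortiOS versions shows up instead of being silently misread.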
Related Options
1. Add/delete an entry
To delete an entry, use the following command.
FGT# diagnose firewall ip_host delete src4/src6 <ipv4/ipv6>
Here is an example.
FGT# diagnose firewall ip_host delete src4
To add an entry to the list, use the following command.
FGT# diagnose firewall ip_host add src4/src6 <ipv4/ipv6> <expiry> <ban_source(dlp/ips/av/dos)>
The following example shows how to add an IP address to the list with the cause set to "IPS" and an expiry of 3600 seconds.
FGT# diagnose firewall ip_host add src4 3600 ips
2. Show statistics
To view the number of entries in the list, use the following command.
FGT# diagnose firewall ip_host stat
3. Clear the list
The following command will clear the whole list.
FGT# diagnose firewall ip_host clear