This article describes how to block a network user from accessing the internet if the user is trying to access a blocked website. This can be achieved by using a FortiAnalyzer Event Handler in an Automation Stitch on the FortiGate.
FortiGate, FortiAnalyzer.
The following prerequisites must be met:
Example: users should be quarantined if they repeatedly try to access a blocked social media website.
These and other fields can be adjusted according to the administrator's requirements and the criteria for blocking or quarantining users.
Note: Administrators may need to adjust the COUNT value according to the sensitivity of quarantining the users. Accessing a website such as facebook.com may generate multiple logs even though the user has tried to visit the website only once.
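To see how the COUNT value interacts with the multiple logs a single page visit generates, the following added example (not Fortinet code and not part of the original article) replays blocked web filter logs through a 30-minute sliding window per source IP. The log lines are constructed in FortiGate's key=value style, and the function name `hosts_to_quarantine` and the COUNT values tried are assumptions for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (time, source IP, hostname); not from a real device.
# 10.0.0.5 opens facebook.com once, which produces three blocked requests.
# 10.0.0.9 keeps retrying blocked sites for 20 minutes.
# 10.0.0.7 is blocked twice, 48 minutes apart.
EVENTS = [
    ("09:00:01", "10.0.0.5", "facebook.com"),
    ("09:00:01", "10.0.0.5", "www.facebook.com"),
    ("09:00:02", "10.0.0.5", "static.xx.fbcdn.net"),
    ("09:01:00", "10.0.0.9", "facebook.com"),
    ("09:02:00", "10.0.0.7", "facebook.com"),
    ("09:05:00", "10.0.0.9", "facebook.com"),
    ("09:09:00", "10.0.0.9", "twitter.com"),
    ("09:13:00", "10.0.0.9", "facebook.com"),
    ("09:21:00", "10.0.0.9", "instagram.com"),
    ("09:50:00", "10.0.0.7", "facebook.com"),
]
SAMPLE_LOGS = "\n".join(
    f'date=2024-05-01 time={t} type="utm" subtype="webfilter" action="blocked" '
    f'srcip={ip} hostname="{host}" catdesc="Social Networking"'
    for t, ip, host in EVENTS
)

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse(line):
    return {k: v.strip('"') for k, v in KV.findall(line)}

def hosts_to_quarantine(log_text, count, window_minutes=30):
    """Source IPs with at least `count` blocked webfilter logs in any window."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # srcip -> timestamps still inside the window
    flagged = set()
    for line in log_text.splitlines():   # assumes lines are in time order
        f = parse(line)
        if f.get("subtype") != "webfilter" or f.get("action") != "blocked":
            continue
        ts = datetime.strptime(f"{f['date']} {f['time']}", "%Y-%m-%d %H:%M:%S")
        q = recent[f["srcip"]]
        q.append(ts)
        while ts - q[0] > window:   # drop hits older than the window
            q.popleft()
        if len(q) >= count:
            flagged.add(f["srcip"])
    return sorted(flagged)

if __name__ == "__main__":
    for count in (3, 5):
        print(count, hosts_to_quarantine(SAMPLE_LOGS, count))
```

With a count of 3, the host that opened the site once is quarantined alongside the persistent one; with a count of 5, only the persistent host is.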
Results:
When a user is blocked by the web filter multiple times in 30 minutes, FortiGate bans the IP of that user and quarantines it until the administrator removes the IP from the quarantine.
Check the banned IP in the CLI:
Check the banned IP in the GUI:
Copyright 2024 Fortinet, Inc. All Rights Reserved.