FortiGate
larsbollas
Staff
Article Id 342022
Description
This article describes how to block internet access for single or multiple hosts using an IPv4 deny policy.
Scope
FortiGate.
Solution
  1. Go to Policy & Objects -> Addresses and select Create New -> Address.

(screenshot: address.PNG)

An address called '192.168.1.55/32' has been created with type Subnet and IP/Netmask 192.168.1.55/32.

  2. Go to Policy & Objects -> Addresses, select Create New -> Address Group, name the group Blacklisted_IPs, and add the newly created address as a member:

(screenshot: addrgrp.PNG)

  3. Go to Policy & Objects -> Firewall Policy, select Create New, name the IPv4 policy No internet access, set Blacklisted_IPs as the source address and all as the destination address, and set the action to DENY. Use the same incoming and outgoing interfaces as the existing internet access policy: a policy on a different interface pair is never evaluated for that traffic, so the deny would silently have no effect. Blocked sessions are not logged by a DENY policy unless Log Violation Traffic is enabled, so enable it if the drops need to be visible in the forward traffic log.

(screenshot: Deny.PNG)

  4. FortiGate evaluates firewall policies from top to bottom and applies the first match, so the deny policy must sit above the policy that grants internet access. Drag and drop the policies in the GUI to reorder them.

(screenshot: move.PNG)

Note:

Repeat steps 1 and 2 for additional hosts or devices. A device MAC address object can also be added to the Blacklisted_IPs group:

(screenshot: MAC.PNG)

(screenshot: newgroup.PNG)
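The same four steps from the CLI, as an added example that is not part of the original article. It assumes FortiOS 7.x syntax, a LAN interface named "internal" and a WAN interface named "wan1", that the existing internet access policy has ID 1, and that the new deny policy receives ID 5; the MAC address shown is a constructed placeholder. Replace every one of those with the values on your own unit.

```text
# Step 1: subnet address object for the single host
config firewall address
    edit "192.168.1.55/32"
        set type ipmask
        set subnet 192.168.1.55 255.255.255.255
    next
end

# Optional (see the Note): a MAC address object for a device.
# Assumes FortiOS 7.0+ syntax; the MAC itself is a constructed placeholder.
config firewall address
    edit "Host-MAC-example"
        set type mac
        set macaddr 00:11:22:33:44:55
    next
end

# Step 2: address group holding the blocked hosts
config firewall addrgrp
    edit "Blacklisted_IPs"
        set member "192.168.1.55/32" "Host-MAC-example"
    next
end

# Step 3: the deny policy. "edit 0" allocates the next free policy ID.
# srcintf/dstintf must match the interface pair of the internet access policy.
# "set logtraffic all" is the CLI form of Log Violation Traffic; without it the
# policy drops silently and the blocked sessions never appear in the log.
config firewall policy
    edit 0
        set name "No internet access"
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "Blacklisted_IPs"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
end

# Step 4: read the ID the new policy received, then move it above the
# internet access policy (assumed ID 1). First match wins, so order decides.
show firewall policy
config firewall policy
    move 5 before 1
end

# Confirm the final order and the interface pair before trusting the block.
show firewall policy
```

After the move, `show firewall policy` should list "No internet access" before the internet access policy for the same srcintf/dstintf pair. If the blocked host can still reach the internet, check that pair first, then look for an earlier policy (for example a proxy or explicit-proxy policy, or a policy on another interface) that matches the host before the deny.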

 
