Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Not applicable

Created on ‎09-20-2006 12:00 AM Edited on ‎09-23-2024 11:39 PM By Moderator

Article Id 197727

Technical Tip: Configuring FortiGate Firewall Policy to block traffic for one or more IP addresses

 

Description This article describes how to block an IP address.
Scope

All FortiGate units.
Solution

To block an IP address, create an address entry and create a firewall policy to block the address.

 

Add an Address.

To add an address entry:

  1. Go to Firewall -> Address.
  2. Select Create New.
  3. Enter a name for the address.
  4. Enter the IP address and subnet.

Note that if blocking an internal IP address, set the netmask to 255.255.255.255, or /32. Otherwise, it could block the entire subnet.

 

1.png

 

Add a Firewall Policy.

To add a firewall policy:

  1. Go to Firewall -> Policy.
  2. Select Create new.
  3. Configure the firewall policy as required. For the Source and/or Destination address, select the address name added above.
  4. Set the Action to Deny.
  5. Move the firewall policy to the top of the policy list.

 

2.png

 

Labels:
39185
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.