Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Not applicable

Created on ‎09-20-2006 12:00 AM Edited on ‎12-26-2024 12:23 AM By Community Manager

Article Id 197727

Technical Tip: Configuring FortiGate Firewall Policy to block traffic for one or more IP addresses

 

Description This article describes how to block an IP address.
Scope

FortiGate.
Solution

To block an IP address, create an address entry and create a firewall policy to block the address.

 

Create an Address Object.

  1. Go to Policy & Objects -> Addresses.
  2. Select Create New.
  3. Enter a name for the address.
  4. Enter the IP address and subnet.

Note that if blocking an internal IP address, set the netmask to 255.255.255.255, or /32. Otherwise, it could block the entire subnet.

 

1.png

 

Create a Firewall Policy.

  1. Go to Policy & Objects -> Firewall Policy.
  2. Select Create new.
  3. Configure the firewall policy as required. For the Source and/or Destination address, select the address name added above.
  4. Set the Action to Deny.
  5. Move the firewall policy to the top of the policy list.

 

2.png

 

Labels:
39812
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.