1. create an API account and an admin profile on the FortiGate:

2. Config automation on the FortiGate, create an action profile, for example, IP ban:

3. Create a trigger profile, for example, FDC_webhook_banip:

4. Create a stitch policy, and select this action profile and this trigger profile:

Above finish ban IP config on the FortiGate.

5. Config automation again on the FortiGate, create an action profile , for example, FDC_unblock_ip:

if VDOM, the script needs to add the VDOM name, for example:

config vdom
    edit root
    diagnose user banned-ip delete src4 %%log.srcip%%

6. Create a trigger profile, for example, FDC_webhook_unlock:

7. Create a stitch policy, and select this action profile and this trigger profile:

Finish all on the FortiGate.

8. Config quarantine integration on the FortiDeceptor:

Integrate method select FGT-WEBHOOK.

Block Expiry is user-defined ,for example 600s.

ban URL and unlock URL ,  you can copy  the Incoming webhook triggle‘s URL on the FortiGate .

Authorization is API account secret key on the FortiGate.

Result:

Related document:

Integration with FortiGate over Webhook