Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mzainuddinahm
Staff
Staff

Created on ‎03-31-2022 06:02 AM Edited on ‎01-30-2024 02:20 AM By Community Manager

Article Id 208037

Technical Tip: How to Quarantine / ban a Source IP for Anti Virus

Description This article describes how to Quarantine/ban a Source IP for Anti Virus.
Scope

FortiGate
Solution

Configure the AntiVirus security profile to add the source IP of an infected file or malware sender to the quarantine or list of banned source IP addresses in the CLI

 

# config antivirus profile

# edit <name of profile>

# config nac-quar

# set infected quar-src-ip

# set expiry 5m

# end

 

This variable (quar-src-ip) determines for how long the source IP address will be blocked.

 

In the CLI the option is called expiry.

The maximum day's value is 364.

The maximum hour value is 23 and the maximum minute value is 59.

The default is 5 minutes.

 

CLI: https://docs.fortinet.com/document/fortigate/6.0.0/cli-reference/805277/antivirus-profile
1525
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.