FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rmreddy
Staff
Staff

Description
This article describes how to ban a quarantine source IP using the FortiView feature in FortiGate.

 

Scope
FortiGate


Solution
To block quarantine IP navigate to FortiView -> Sources.


Right-click on the source to ban and select Ban IP:


After selecting Ban IP, specify the duration of the ban:


To view the banned IP on the GUI, navigate to Monitor -> Quarantine Monitor:

 

In order to ban an IP from CLI, the following command can be used:

 

# diagnose user quarantine ?
list:      List user quarantine entries.
add:     Add user quarantine entry.
delete: Delete user quarantine entry.
clear :  Clear all user quarantine entries.
stat:    stat

 

Below is an example of syntax for banning an IP and a showcase of the possible options:

# diagnose user quarantine add ?
src4: IPv4 source ban.
src6: IPv6 source ban.

 

# diagnose user quarantine add src4 ?
<src-ipv4> Source IPv4 address.

 

# diagnose user quarantine add src4 172.31.128.4 ?
<expiry> Expiry in seconds.

 

# diagnose user quarantine add src4 172.31.128.4 60 ?
<ban-source> Ban source (admin/dlp/ips/av/dos).

 

# diagnose user quarantine add src4 172.31.128.4 60 admin ?
<Enter> --> no more options are available, press Enter to ban the IP


To view the quarantined IP using CLI:

 

# diagnose user quarantine list

 

 

Contributors