FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 191475



This article describes how to ban a quarantine source IP using the FortiView feature in FortiGate.







To block quarantine IP navigate to FortiView -> Sources.

'Right-click' on the source to ban and select Ban IP:

After selecting Ban IP, specify the duration of the ban:

To view the banned IP on the GUI, navigate to Monitor -> Quarantine Monitor:


In order to ban an IP from CLI, the following command can be used:


diagnose user quarantine ?
list:      List user quarantine entries.
add:     Add user quarantine entry.
delete: Delete user quarantine entry.
clear :  Clear all user quarantine entries.
stat:    stat


Below is an example of the syntax for banning an IP and a showcase of the possible options.


Note: From version 7.2 onward, the syntax has changed to 'banned-ip' instead of 'quarantine':

diag user banned-ip


diagnose user quarantine add ?
src4: IPv4 source ban.
src6: IPv6 source ban.


diagnose user quarantine add src4 ?
<src-ipv4> Source IPv4 address.


diagnose user quarantine add src4 ?
<expiry> Expiry in seconds.


diagnose user quarantine add src4 60 ?
<ban-source> Ban source (admin/dlp/ips/av/dos).


diagnose user quarantine add src4 60 admin ?
<Enter> --> no more options are available, press Enter to ban the IP


To unban IP: 


diag user quarantine delete src4 <ipv4-address> 

To view the quarantined IP in the CLI, run the following command:


diagnose user quarantine list



The minimum time to remove the quarantine of a host from the list is 3 seconds. After creating an exemption for any host to no longer be quarantined, the list will be empty upon running this command.