FortiGate uses the ISDB service, which requires an active subscription. It is necessary to ensure that the FortiGate device has a valid subscription for the FortiGuard services, including ISDB. The status of the FortiGuard service can be checked under System -> FortiGuard. 

Using the following method, the Malicious IP addresses can be blocked for the pre-defined internet services. If the suspect IP is not in the pre-defined lists, a custom ISDB entry can be requested with the following article:

Technical Tip: Custom Internet Service Database (ISDB) entry creation on a FortiGate

For the Geography-based internet services, a custom entry can be created inside FortiOS, as explained in Technical Tip: How to create internet service database based on geographical information.

Blocking Malicious IP address(Predefined Internet Services):

Step 1: Go to Policy & Objects -> Internet Service Database -> Internet Services -> IP Address Lookup -> Search IP.

Step2: Create IPv4 Policy:

• Go to Policy & Objects -> IPv4 policy.
• Select 'create new'.
• Name: Provide any name.
• Incoming interface: Select the incoming interface.
• Outgoing interface: Select the outgoing interface.
• Source: Internet Service -> Select the Internet Service details obtained from IP address lookup.
• Destination: ALL.
• Schedule: Always.
• Services: ALL.
• Action: Deny.

Note:

In the latest firmware versions (above v7.0) the option for IPv4 policy is replaced with Firewall policy under Policy & Objects.