Ashishdeep
Staff
Article Id 328148
Description: This article describes how to ban an IP address on the FortiGate by using an automation stitch for a failed IPsec connection.
Scope: FortiGate.
Solution

Create an automation stitch, add a trigger of type FortiOS Event Log, and select the event 'IPsec connection failed':

Creating automation stitches | FortiGate / FortiOS 7.4.4 | Fortinet Document Library

Add a CLI Script action to the stitch that runs the following command to ban (quarantine) the source IP address of the failed connection:

diagnose user quarantine add src4 %%log.epip%% 9504000 admin

Here %%log.epip%% is replaced at run time with the IP address field from the triggering log entry, 9504000 is the ban duration in seconds (110 days), and admin records the entry as administrator-added.

Note: From FortiOS 7.2 onwards, the keyword banned-ip replaces quarantine, so the action script becomes: diagnose user banned-ip add src4 %%log.epip%% 9504000 admin
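The same stitch built from the CLI instead of the GUI, as an added example that is not part of the original article, written for FortiOS 7.2 or later where the keyword is banned-ip. The object names and the super_admin access profile are assumptions, and the trigger log ID is a placeholder because the article does not give it; take it from the 'IPsec connection failed' event when creating the trigger.

```fortios
# Added example: CLI equivalent of the GUI steps in this article.
# Object names (IPsec-Failed, Ban-IPsec-Peer, Ban-Failed-IPsec-Peer) are assumed.
config system automation-trigger
    edit "IPsec-Failed"
        set event-type event-log
        # Placeholder: use the log ID of the 'IPsec connection failed' event
        set logid <IPSEC_CONNECTION_FAILED_LOGID>
    next
end

config system automation-action
    edit "Ban-IPsec-Peer"
        set action-type cli-script
        # 7.2+ keyword; on releases before 7.2 use 'diagnose user quarantine add ...'
        # %%log.epip%% is filled from the triggering log; 9504000 seconds = 110 days
        set script "diagnose user banned-ip add src4 %%log.epip%% 9504000 admin"
        # Access profile the script runs under (assumed)
        set accprofile "super_admin"
    next
end

config system automation-stitch
    edit "Ban-Failed-IPsec-Peer"
        set status enable
        set trigger "IPsec-Failed"
        config actions
            edit 1
                set action "Ban-IPsec-Peer"
                set required enable
            next
        end
    next
end
```

After the next failed IPsec connection, diagnose user banned-ip list should show the peer address with the remaining ban time; diagnose user banned-ip delete src4 <ip> removes a single entry if a legitimate peer was caught.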

Related article

Technical Tip: Quarantine the IP for failed SSL VPN login using an automation stitch