Description | This article describes how to ban an IP address on the FortiGate by using an automation stitch for a failed IPsec connection. |
Scope | FortiGate. |
Solution |
Create an automation stitch and select trigger and create a trigger for FortiOS Event Log and select 'IPsec connection failed': Creating automation stitches | FortiGate / FortiOS 7.4.4 | Fortinet Document Library
Create a CLI script as an action and run this command to ban or quarantine an IP address by using this command:
diagnose user quarantine add src4 %%log.epip%% 9504000 admin
Note: After v7.2 and onwards, banned-ip is used instead of quarantine.
Related article: Technical Tip: Quarantine the IP for failed SSL VPN login using an automation stitch |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.