Stephen_G
Moderator
Article Id 228550
Description This article explains how to maintain permanent IP bans and quarantines even after rebooting FortiGate.
Scope FortiGate v7.2.1, v7.2.2 and later.
Solution

In previous versions of FortiGate, the list of quarantined users was saved in volatile memory. After every reboot or upgrade, banned or quarantined users' IP details were removed from the list.

The recommended workaround for a permanent quarantine was to block those users with a firewall policy:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Quarantine-IP-address-lost-after-reboot-sh...


From FortiOS v7.2.1 onward, an option has been added to retain the banned/quarantined user list across a reboot.

The option is disabled by default. To enable it, run the following in the CLI:

# config firewall global
    set banned-ip-persistency ?
end

Replace ? with one of the following values:

  • disabled (default): all banned IPs are dropped when the FortiGate reboots. This matches the behavior of previous firmware versions.
  • permanent-only: only IPs banned with the 'permanent' option (no quarantine expiry) are retained after a reboot; bans with a quarantine period are dropped.
  • all: every banned IP, with or without an expiry, is retained after a reboot.
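Because a FortiOS configuration backup only lists settings that differ from their defaults, a backup with no banned-ip-persistency line means the device is still at 'disabled' and will lose its bans on the next reboot. The following Python audit, added here as an example and not part of the original article, parses the 'config firewall global' stanza from constructed backup snippets and flags devices whose bans are not persistent; the device names and backup contents are constructed samples.

```python
import re

# FortiOS default: bans are lost at reboot. Backups omit settings left at
# their default, so "no line" must be read as this value.
DEFAULT_PERSISTENCY = "disabled"

# Constructed backup excerpts (not real device output).
SAMPLE_BACKUPS = {
    "fw-branch-1": """config system global
    set hostname "fw-branch-1"
end
config firewall global
    set banned-ip-persistency all
end
""",
    "fw-branch-2": """config system global
    set hostname "fw-branch-2"
end
config firewall global
    set banned-ip-persistency permanent-only
end
""",
    # Setting never changed: the stanza is absent from the backup entirely.
    "fw-lab": """config system global
    set hostname "fw-lab"
end
""",
}


def banned_ip_persistency(config_text: str) -> str:
    """Return the banned-ip-persistency value found in a FortiOS backup.

    'config firewall global' has no nested sub-tables, so the stanza runs
    from its 'config' line to the first 'end' line. A missing stanza or a
    stanza without the setting means the factory default, 'disabled'.
    """
    stanza = re.search(r"^config firewall global[ \t]*\n(.*?)^end[ \t]*$",
                       config_text, re.S | re.M)
    if not stanza:
        return DEFAULT_PERSISTENCY
    setting = re.search(r"^[ \t]*set banned-ip-persistency[ \t]+(\S+)",
                        stanza.group(1), re.M)
    return setting.group(1) if setting else DEFAULT_PERSISTENCY


def audit(backups: dict) -> list:
    """Names of devices whose IP bans would not survive a reboot."""
    return sorted(name for name, text in backups.items()
                  if banned_ip_persistency(text) == "disabled")
```

Run it against a directory of real backups by reading each file into the dictionary; a device listed by audit() still needs the CLI change described above.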

To view banned IPs in the GUI, navigate to DHCP Monitor, hover over a device and select Ban IPs from the context menu that appears.


Use the Quarantine dashboard widget to manage and delete IP bans:


To view banned IPs in the CLI, run the following command:

# diagnose user banned-ip list

After a FortiGate configured to retain banned IPs reboots, the entries are still present in the banned-ip list.