Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
haithamab
New Contributor II

Auto block Ip addresses

Hi all,

 

We have web application fire wall latest version (7.4.3)

 

i have a few sites under it.

when some one attacks using tools and what not , how can i block his ip Address automatically when the system detects that he is triggering the deny rules?

right now it just block every attempts he tries , it should just block him why wait until he passes

Thanks

1 Solution
AEK
SuperUser
SuperUser

Hello Haitham

Under menu Web Protection > Known Attacks > Signatures, edit your signature package (or clone a predefined one), then edit it and change the Action from "Alert & Deny" to "Block Period". Default is 600 seconds but you can change it as needed.

AEK

View solution in original post

AEK
4 REPLIES 4
AEK
SuperUser
SuperUser

Hello Haitham

Under menu Web Protection > Known Attacks > Signatures, edit your signature package (or clone a predefined one), then edit it and change the Action from "Alert & Deny" to "Block Period". Default is 600 seconds but you can change it as needed.

AEK
AEK
haithamab
New Contributor II

Hi

Thanks so much this works perfect
can i have multiple profiles working on the same policy?

because i have one public ip and under it 2 different services one is WordPress and one is Moodle lms 

deifinilty we getting more public IPs soon

Cheers

AEK

Sure, for this you need to set policy "Deployment Mode" to "HTTP Content Routing".

 

AEK
AEK
haithamab
New Contributor II

Again , Perfect
it works like charm .

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors