Automatic blocking IP to prevent Fortigate web interface login page
For the last few days I have been seeing new activity on my WAN link: many login attempts on the HTTPS interfaces of my Fortigates. The majority come from IP 22.214.171.124, but not exclusively. My question is how to automatically block these attempts, i.e. to ban a certain IP from viewing the login page of the Forti after a few unsuccessful login attempts.
I have a few Fortigates with software no older than 6.2.15.
Based on my understanding, you want to block any specific IP from reaching your FortiGate interface. You can create a local-in policy to block specific IPs from reaching your FortiGate interface. You may refer to the KB below for more information:
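A local-in policy of the kind this reply describes, as an added example that is not part of the original reply or of the KB it refers to. The interface name `wan1`, the object names, policy ID 1 and the address 203.0.113.10 are placeholders; the predefined `HTTPS` service only matches if the admin GUI listens on the default port 443.

```text
# Added example: placeholder names and address, adjust to your environment.
# Address object for one source to be blocked (203.0.113.10 is a documentation address).
config firewall address
    edit "blocked-admin-src-1"
        set subnet 203.0.113.10 255.255.255.255
    next
end

# Group the blocked sources so that new ones can be added without touching the policy.
config firewall addrgrp
    edit "blocked-admin-srcs"
        set member "blocked-admin-src-1"
    next
end

# Local-in policies filter traffic addressed to the FortiGate itself.
# This one denies HTTPS from the group on the WAN interface.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "blocked-admin-srcs"
        set dstaddr "all"
        set service "HTTPS"
        set schedule "always"
        set action deny
        set status enable
    next
end
```

Local-in policies are configured from the CLI, and `show firewall local-in-policy` displays the result.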
To automatically block IP addresses and prevent unauthorized access to the Fortigate web interface login page, you can implement a security policy using the built-in features of the Fortigate. Here's a concise solution:
1. Log in to your Fortigate web interface.
2. Go to "Security Profiles" and create a new "DoS Policy".
3. Set "DoS Policy Type" to "HTTP Login Protection".
4. Configure "HTTP Login Protection Settings" to specify the number of allowed login attempts and the duration of the block.
5. Apply the policy to your WAN-facing interface.