Block Client ID Fortiweb

JMATAS · ‎04-28-2023

Regards,
We need to be able to "automatically" block Client IDs that exceed a Threat Score by some policy or rule in Fortiweb 6.3

Thank you

ddsouza_FTNT · ‎04-28-2023

@JMATAS You can add the following entry under the Client management configuration>Block Settings to block Malicious Client(Client with the histrorcal threat =>200 for a certain period.

Please ensure you have enabled the 'Client management' in the Web Protection profile applied to the server policy.

Test Results:

These screenshots are from 6.3.22 GA Fortiweb.

Please refer to the following admin guide link for further information.

https://docs.fortinet.com/document/fortiweb/6.3.19/administration-guide/225514/configuring-client-ma...

JMATAS · ‎05-03-2023

Thank you very much Denzil, it is one of the things we are doing, controlling the attack with the limits of the Client Management Configuration, but the blocking limits are at most one day, the boots reappear after that time.

We would like to know, then, how to block those Client IDs once they exceed a Historical Threat Weight set by us.

Thank you so much.

Block Client ID Fortiweb

Nominate a Forum Post for Knowledge Article Creation