Regards,
We need to be able to "automatically" block Client IDs that exceed a Threat Score by some policy or rule in Fortiweb 6.3
Thank you
@JMATAS You can add the following entry under the Client management configuration>Block Settings to block Malicious Client(Client with the histrorcal threat =>200 for a certain period.
Please ensure you have enabled the 'Client management' in the Web Protection profile applied to the server policy.
Test Results:
These screenshots are from 6.3.22 GA Fortiweb.
Please refer to the following admin guide link for further information.
Created on 05-03-2023 01:05 AM Edited on 05-03-2023 01:06 AM
Thank you very much Denzil, it is one of the things we are doing, controlling the attack with the limits of the Client Management Configuration, but the blocking limits are at most one day, the boots reappear after that time.
We would like to know, then, how to block those Client IDs once they exceed a Historical Threat Weight set by us.
Thank you so much.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.