Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JMATAS
New Contributor

Created on ‎04-28-2023 02:10 AM

Block Client ID Fortiweb 

Regards,
We need to be able to "automatically" block Client IDs that exceed a Threat Score by some policy or rule in Fortiweb 6.3

Thank you
Labels:
563
0 Kudos
2 REPLIES 2
ddsouza_FTNT
Staff
Staff

Created on ‎04-28-2023 07:59 AM Edited on ‎04-28-2023 08:00 AM

@JMATAS You can add the following entry under the Client management configuration>Block Settings to block Malicious Client(Client with the histrorcal threat =>200 for a certain period.

 

image.png

 

Please ensure you have enabled the 'Client management' in the Web Protection profile applied to the server policy.

 

Test Results:

image.png

image.png

image.png

 

These screenshots are from 6.3.22 GA Fortiweb.

 

Please refer to the following admin guide link for further information.

https://docs.fortinet.com/document/fortiweb/6.3.19/administration-guide/225514/configuring-client-ma...

553
0 Kudos
JMATAS
New Contributor
In response to ddsouza_FTNT

Created on ‎05-03-2023 01:05 AM Edited on ‎05-03-2023 01:06 AM

Client.pngThank you very much Denzil, it is one of the things we are doing, controlling the attack with the limits of the Client Management Configuration, but the blocking limits are at most one day, the boots reappear after that time.

We would like to know, then, how to block those Client IDs once they exceed a Historical Threat Weight set by us.

Thank you so much.

521
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.