yvan_rossier
New Contributor

Block external IP address

Hello, I have lots of IP addresses that try to connect to my internal network on different ports and I would like to block the IP addresses. Is it possible? FortiGate 60D (FortiOS 5.6). Thank you
Sunil_Panchal_NSE7
New Contributor III

Dear friend,

Check your policy; maybe there is a loophole. Check your connected networks and check your routes.

yvan_rossier

Hello,

 

Everything seems correct, an example:

Message meets Alert condition

date=2017-07-05 time=02:24:27 devname=Fortinet devid=FGT60Dxxxxxxxxxx logid="0101037128" type="event" subtype="vpn" level="error" vd="root" logdesc="Progress IPsec phase 1" msg="progress IPsec phase 1" action="negotiate" remip=216.218.206.70 locip=xx.xx.xx.xx remport=61032 locport=500 outintf="wan1" cookies="3e35c70729dfedef/0000000000000000" user="N/A" group="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="N/A" status="failure" init="remote" mode="main" dir="inbound" stage=1 role="responder" result="ERROR"

So I would like to block these external IP addresses. How do I do that?

Thanks

Sunil_Panchal_NSE7

Dear friend,

Someone is trying to use the VPN of your system. Do you have any VPN setup in your firewall? Just check it.

If no one is using it, remove the VPN policy and remove the VPN setup.

If you can share a screenshot of your firewall policy, that will be better for me to understand,

because from the log I can see that someone is trying to do VPN and I got some bad traffic from your side.

rwpatterson

I have seen that error when a tunnel is broken down on the remote side but the Fortigate config has not been removed. The FGT is still trying to establish the tunnel but the remote side is giving no joy. You would not see VPN/Tunnel messages if the FGT wasn't ready to accept. You would see traffic hitting the firewall from the remote side, not tunnel building.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
yvan_rossier

Hello, yes, I have VPNs (5) but never with this external IP. Would it not be simple to block this IP address?

Attached is the IPv4 policy part.

Thanks
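
To see which remote addresses are behind alerts like the one quoted in this thread, the key=value log lines can be parsed and the failed, remote-initiated phase 1 attempts tallied per `remip`, leaving out the configured VPN peers. This is an added example, not code from any poster in the thread; the sample lines are constructed (trimmed from the quoted log), and `KNOWN_PEERS`, `parse_line` and `failed_phase1_initiators` are hypothetical names.

```python
import re
from collections import Counter

# FortiGate log fields are key=value pairs; values are bare or double-quoted.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample lines modeled on the log quoted in the thread (fields trimmed).
# 216.218.206.70 is the remip from the thread; the rest are documentation addresses.
SAMPLE_LOGS = [
    'date=2017-07-05 time=02:24:27 type="event" subtype="vpn" level="error" '
    'logdesc="Progress IPsec phase 1" remip=216.218.206.70 locport=500 '
    'status="failure" init="remote" dir="inbound" result="ERROR"',
    'date=2017-07-05 time=02:24:31 type="event" subtype="vpn" level="error" '
    'logdesc="Progress IPsec phase 1" remip=216.218.206.70 locport=500 '
    'status="failure" init="remote" dir="inbound" result="ERROR"',
    'date=2017-07-05 time=02:30:02 type="event" subtype="vpn" level="error" '
    'logdesc="Progress IPsec phase 1" remip=203.0.113.5 locport=500 '
    'status="failure" init="remote" dir="inbound" result="ERROR"',
    'date=2017-07-05 time=02:31:10 type="event" subtype="vpn" level="notice" '
    'logdesc="Progress IPsec phase 1" remip=198.51.100.7 locport=500 '
    'status="success" init="remote" dir="inbound" result="OK"',
    'date=2017-07-05 time=02:40:00 type="event" subtype="system" level="notice" '
    'logdesc="Admin login" status="success"',
]

# Assumption: the addresses of the configured VPN peers are known (constructed value).
KNOWN_PEERS = {"203.0.113.5"}

def parse_line(line):
    """Return one log line as a dict of field name -> unquoted value."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in PAIR.finditer(line)}

def failed_phase1_initiators(lines, known_peers):
    """Count failed, remote-initiated inbound VPN negotiations per remip,
    skipping addresses that belong to configured peers."""
    counts = Counter()
    for line in lines:
        f = parse_line(line)
        remip = f.get("remip")
        if (remip and remip not in known_peers
                and f.get("subtype") == "vpn" and f.get("status") == "failure"
                and f.get("init") == "remote" and f.get("dir") == "inbound"):
            counts[remip] += 1
    return counts

if __name__ == "__main__":
    for ip, n in failed_phase1_initiators(SAMPLE_LOGS, KNOWN_PEERS).most_common():
        print(ip, n)
```
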
