Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SuperAdmincheg
New Contributor

Block login attempts from a specific IP on a WAN interface

Hi Fortinet Community,

I have a FortiGate 60F with a 7.4.4 with a Trusted Hosts configured for admins.
But in Log & Report>System Events I see Alerts every 3 mins:
Administrator remote2 login failed from https(188.124.36.193) because of invalid user name.
How can I block this specific IP from login attempts?

GUI tutorials are from couple of years old.
Maybe someone can make CLI tutorial?
Thanks in advance.

1 Solution
AEK
SuperUser
SuperUser

Hi

For security it is recommended to disable all management access on WAN interface.

AEK

View solution in original post

AEK
3 REPLIES 3
Toshi_Esumi
SuperUser
SuperUser

Blocking just one IP is easy. Set up a simple "deny" local-in-policy. The rest should be allowed implicitly.
https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/363127/local-in-policy

Toshi

AEK
SuperUser
SuperUser

Hi

For security it is recommended to disable all management access on WAN interface.

AEK
AEK
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors