Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SuperAdmincheg
New Contributor

Created on ‎09-12-2024 11:48 PM

Block login attempts from a specific IP on a WAN interface

Hi Fortinet Community,

I have a FortiGate 60F with a 7.4.4 with a Trusted Hosts configured for admins.
But in Log & Report>System Events I see Alerts every 3 mins:
Administrator remote2 login failed from https(188.124.36.193) because of invalid user name.
How can I block this specific IP from login attempts?

GUI tutorials are from couple of years old.
Maybe someone can make CLI tutorial?
Thanks in advance.

Labels:
736
0 Kudos
1 Solution
AEK
SuperUser
SuperUser

Created on ‎09-13-2024 12:58 AM

Hi

For security it is recommended to disable all management access on WAN interface.

AEK

View solution in original post

AEK
705
3 REPLIES 3
Toshi_Esumi
SuperUser
SuperUser

Created on ‎09-12-2024 11:55 PM

Blocking just one IP is easy. Set up a simple "deny" local-in-policy. The rest should be allowed implicitly.
https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/363127/local-in-policy

Toshi

729
AEK
SuperUser
SuperUser

Created on ‎09-13-2024 12:58 AM

Hi

For security it is recommended to disable all management access on WAN interface.

AEK
AEK
706
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.