Hi All,
I have a question related to blocking ICMP from a malicious IP on the FortiGate.
We have allowed ICMP to one of our sever from external. We see that ICMP was allowed from a malicious IP though it was categorized by FGD as malware. We have all the security profiles enabled for the VIP policy in FGT.
Is there a way to block ICMP from malicious IP's?
Thanks!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi ro_phil
If you have the malicious IP, just create a firewall policy with the malicious IP as source address and action set to deny.
You can create a reputation policy:
Or you can create a deny policy using these Internet Service Database Objects as source.
- Botnet-C&C.Server
- Malicious-Malicious
- Malicious-Malicious.Server
- Phishing-Phishing.Server
- Spam-Soamming.Server
- Tor-Exit.Node
In this case, do not forget to "set match-vip enable" on this policy. Has to be done on the CLI.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1710 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.