Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ro_phil
New Contributor

Blocking ICMP from malicious IP

Hi All,

 

I have a question related to blocking ICMP from a malicious IP on the FortiGate.

 

We have allowed ICMP to one of our sever from external. We see that ICMP was allowed from a malicious IP though it was categorized by FGD as malware. We have all the security profiles enabled for the VIP policy in FGT.

 

Is there a way to block ICMP from malicious IP's?

 

Thanks!

2 REPLIES 2
ESCHAN_FTNT
Staff
Staff

Hi ro_phil

 

If you have the malicious IP, just create a firewall policy with the malicious IP as source address and action set to deny.

brudy
New Contributor II

You can create a reputation policy:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-IP-reputation-in-policies-and-fallthrough/...

 

Or you can create a deny policy using these Internet Service Database Objects as source. 

- Botnet-C&C.Server

- Malicious-Malicious

- Malicious-Malicious.Server

- Phishing-Phishing.Server

- Spam-Soamming.Server

- Tor-Exit.Node

 

In this case, do not forget to "set match-vip enable" on this policy. Has to be done on the CLI.

 

__
Peter Bruderer
__Peter Bruderer
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors