James_G
Contributor III

FortiOS 6.4.2 is out!

PeterK
New Contributor

May have to, although I hate that you cannot see what is being defined in them or control the ports. Makes it difficult if you have done part of the config through published documentation. Thanks for the suggestion.

 

Was hoping more would have left feedback on this firmware by now. Hesitant to move up to 6.2, as it has had some awful problems, but this is still so recent; hesitant on something that may still require a lot more patching, although I have not seen many negative comments on it either, and people tend to moan if there are issues.

M_M_SW
Contributor

 

We found some problems in the use of OS6.4.2, especially the use of Ban IP in FortiView. Because the search function is cancelled in FortiView, it is extremely difficult to find a specific IP and give it a ban IP. If you use the function of Indicators of Compromise Service, you can even isolate its MAC and not block IP.

There are also settings for SSL/SSH inspection. As long as you don't use the built-in profiles, other self-defined profiles are more or less problematic in use.

Does anyone have a good solution?

 

thuynh_FTNT

M.M.SW wrote:

 

We found some problems in the use of OS6.4.2, especially the use of Ban IP in FortiView. Because the search function is cancelled in FortiView, it is extremely difficult to find a specific IP and give it a ban IP. If you use the function of Indicators of Compromise Service, you can even isolate its MAC and not block IP.

There are also settings for SSL/SSH inspection. As long as you don't use the built-in profiles, other self-defined profiles are more or less problematic in use.

Does anyone have a good solution?

Hi there, thank you for your report. For banning an IP, you can also do it via Log pages > Search for the device IP, then hover over the device MAC > a tooltip pops up and there is a Ban IP action there. This Ban IP action is available on any page that has a device tooltip. FYI, we will be adding back support for searching for FortiView in a future version.

M_M_SW
Contributor

 

Thank you thuynh for your reply

 

In fact, we found that if the device is connected to FortiSwitch or FortiAP, in the LOG record only quarantine host can be done, but not IP banning.

If it is not connected to the FortiSwitch or FortiAP device, banning an IP can be executed by following the steps you described. Isn't this weird?

 

I can only look forward to replying to the original FortiView ban IP function as soon as possible.

thuynh_FTNT

M.M.SW wrote:

Thank you thuynh for your reply

 

In fact, we found that if the device is connected to FortiSwitch or FortiAP, in the LOG record only quarantine host can be done, but not IP banning.

If it is not connected to the FortiSwitch or FortiAP device, banning an IP can be executed by following the steps you described. Isn't this weird?

 

I can only look forward to replying to the original FortiView ban IP function as soon as possible.

The FortiSwitch and FortiAP case is intentional as we recommend quarantine MAC (layer 2) over ban-ip (layer 3). However, we can review this behaviour if ban-ip is still desired in this case.

 

Another workaround you can do is to find the device in the following pages and ban-ip from there:

- User & Device dashboard - Device Inventory widget, tooltip action on each entry

- From the above page, you can also right click on the device and find it in FortiView/Log and perform the action there. This can serve as a FortiView search workaround for now.

- WiFi Dashboard - WiFi Client (for device behind FortiAP)

- FortiSwitch client (for device behind FortiSwitch)

- User & Device dashboard - Quarantine widget (all quarantined devices should show here and you can also ban-ip them)

M_M_SW
Contributor

 

Thank you thuynh for your reply again

 

I will try the operation method you provide. For some reasons we can only use Ban IP. But because there are hundreds of devices, I still hope that the previous management method is better. Thank you anyway!

 

 
