May have to, although I hate that you cannot see what is being defined in them or control the ports. Makes it difficult if you have done part of the config through published documentation. Thanks for the suggestion.
Was hoping more would have left feedback on this firmware by now. Hesitant to move up to 6.2 as it has had some awful problems, but this is still so recent that I am hesitant about something that may still require a lot more patching, although I have not seen many negative comments on it either, and people tend to moan if there are issues.
We found some problems in the use of OS6.4.2, especially the use of Ban IP in FortiView. Because the search function is cancelled in FortiView, it is extremely difficult to find a specific IP and give it a ban IP. If you use the function of Indicators of Compromise Service, you can even isolate its MAC and not block the IP.
There are also settings for SSL/SSH inspection. As long as you don't use the built-in profiles, other self-defined profiles are more or less problematic in use.
Does anyone have a good solution?
Hi there, thank you for your report. For banning an IP, you can also do it via Log pages > Search for the device IP, then hover over the device MAC > a tooltip pops up and there is a Ban IP action there. This Ban IP action is available on any page that has a device tooltip. FYI, we will be adding back support for searching for FortiView in a future version.
Thank you thuynh for your reply.
In fact, we found that if the device is connected to FortiSwitch or FortiAP, in the log record only quarantine host can be done, but not IP banning.
If it is not connected to the FortiSwitch or FortiAP device, banning an IP can be executed by following the steps you described. Isn't this weird?
I can only look forward to replying to the original FortiView ban IP function as soon as possible.
The FortiSwitch and FortiAP case is intentional as we recommend quarantine MAC (layer 2) over ban-ip (layer 3). However, we can review this behaviour if ban-ip is still desired in this case.
Another workaround you can do is to find the device in the following pages and ban-ip from there:
- User & Device dashboard - Device Inventory widget, tooltip action on each entry
- From the above page, you can also right click on the device and find it in FortiView/Log and perform the action there. This can serve as a FortiView search workaround for now.
- WiFi Dashboard - WiFi Client (for device behind FortiAP)
- FortiSwitch client (for device behind FortiSwitch)
- User & Device dashboard - Quarantine widget (all quarantined devices should show here and you can also ban-ip them)
Thank you thuynh for your reply again.
I will try the operation method you provide. For some reasons we can only use Ban IP. But because there are hundreds of devices, I still hope that the previous management method is better. Thank you anyway!
Copyright 2024 Fortinet, Inc. All Rights Reserved.