Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
drewb0y
New Contributor

Fortigate 60B IPS alerts

I have a Fortigate 60B running firmware 3.00-b0744(MR7 Patch 6) with several production servers behind it. Yesterday I received email alerts (about 40 or so) that intrusions were detected. They all came from the same IP address. What I want to know, is why the firewall did not block the IP completely after the first few attempts, instead of logging and blocking individual attempts. I have since added that IP specifically to a list of banned IP addresses, and had the colocation block that IP upstream of our firewall. I did not see a setting anywhere that would block the IP of incoming detected intrusion attempts for X number of minutes. Is this capability not available in my version of firmware? Please let me know if any further information is needed. Thanks in advance for any advice.
2 REPLIES 2
ede_pfau
Esteemed Contributor III

Hi, this feature (to block an IP for a while) was introduced in 4.00MR1 AFAIK. The 60B is able to run this code. You will have to configure the IPS sensor yourself, though. Then you have the option to quarantine the sender' s IP for some amount of time, or until manual release from the Banned User List. Have a look at this thread: http://support.fortinet.com/forum/tm.asp?m=63465&appid=&p=&mpage=1&key=&language=&tmode=&smode=&s=#63465

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
nono24
New Contributor

Expert Troubleshooting air duct cleaning services near me: Identifying AC Issues with Precision
Our expert technicians excel in troubleshooting conditioning problems. Through a thorough assessment, we pinpoint the root cause of the malfunction, ensuring an accurate repair. We take the time to explain the issue to you and provide transparent solutions, so you can make informed decisions regarding your AC repair.

Top Kudoed Authors