I have a FortiGate 60B running firmware 3.00-b0744 (MR7 Patch 6) with several production servers behind it. Yesterday I received email alerts (about 40 or so) that intrusions were detected. They all came from the same IP address. What I want to know is why the firewall did not block the IP completely after the first few attempts, instead of logging and blocking individual attempts. I have since added that IP specifically to a list of banned IP addresses, and had the colocation block that IP upstream of our firewall.
I did not see a setting anywhere that would block the IP of incoming detected intrusion attempts for X number of minutes. Is this capability not available in my version of firmware?
Please let me know if any further information is needed. Thanks in advance for any advice.
This feature (to block an IP for a while) was introduced in 4.00MR1 AFAIK. The 60B is able to run this code. You will have to configure the IPS sensor yourself, though. Then you have the option to quarantine the sender's IP for some amount of time, or until manual release from the Banned User List.
Have a look at this thread: