Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Mirza_Asad2723
New Contributor III

Created on ‎07-04-2024 11:24 PM

How to Block Source IP when detect port scan for 10 minutes

Dear Concern,

I was saw that someone can try nmap port scanning to findout the open ports or services via WAN side or LAN side and then he attempt the attacks like brute force etc. Can you help me that how can I find the source IP of attacker and how can i configure to block this IP for 10 minutes while he can try port scan automatically. 

 

Thanks and waiting for your helpful appreciable response.

Labels:
1026
0 Kudos
3 REPLIES 3
mpapisetty
Staff
Staff

Created on ‎07-04-2024 11:36 PM

Hi @Mirza_Asad2723 ,

The DoS Policy takes care of such attacks. Here is an overview of the same - 

https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/771644/dos-policy

 

HTH
Manoj Papisetty
1019
Mirza_Asad2723
New Contributor III
In response to mpapisetty

Created on ‎07-04-2024 11:53 PM

Thanks for your prompt response

I already configured it but when i tried to check nmap port scan via ubuntu so it shows all ports are open so thats why i need to configure that when the attacker attempt nmap port scan so his IP address will be block for defined time like 10 minutes. 

1010
0 Kudos
hbac
Staff
Staff
In response to Mirza_Asad2723

Created on ‎07-05-2024 10:35 AM

Hi @Mirza_Asad2723,

 

What is the destination IP of the scan? 

 

Regards, 

936
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.