
How to block hosts using FortiGate and Cisco Switches?

Hi guys, I have traffic going through a FortiGate. For the endpoints that violate the policies defined in the security profiles, I use the IP block when the event is not remedied. Since the IP is on layer 3 and my switches are not Fortinet, whenever the host that is blocked by the IP BAN action changes floor and acquires another one, I get the alerts again: same host and different IP.

What is the best alternative to use to mitigate this scenario?
My switches are Cisco.


Try using MAC-based blocking (Layer 2).


Vinay HM

A good solution could be the integration with FortiNAC. You can have the full visibility that FortiNAC gives for the network and integrate that with FortiGate via FSSO. FortiNAC supports a large range of switches from different vendors, including Cisco switches.

Take a look at this integration guide:

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.