IP is not being blocked in policy
Hi there,
I have blocked one IP from outside to the LAN, but there is no hit showing on the policy, and malicious IPs are being dropped under the Intrusion Prevention System.
The question is why??
Before malicious IPs enter from WAN to LAN, the IP must be blocked if I have created a policy to block it.
Thank you in advance for an early response.
Labels: FortiGate
Can you share the event log for the same?
Suraj
You can use the 'Policy Lookup' tool under 'Firewall Policy' as well. It will tell you what policy your traffic is matching.
If you're using a VIP to allow out to in, you need to set "set match-vip enable" on the deny policy.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Firewall-does-not-block-incoming-WAN-to-LA...
Toshi
Hi @Umesh,
Agreed with Toshi. Alternatively, you need to create local-in-policy to block traffic from WAN to LAN. Please refer to https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/363127/local-in-policy
Regards,
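Putting Toshi's match-vip point and the local-in-policy suggestion side by side, here is an added FortiOS CLI fragment (it is not from the thread or from Fortinet's documentation); the interface names "wan1"/"internal", the address object "blocked-src" and the VIP policy id are assumed:

```fortios
# Added example, not from the thread. Assumed names: WAN interface "wan1",
# LAN interface "internal", address object "blocked-src" holding the external
# IP to block, and an existing policy 20 that allows inbound traffic to a VIP.

# 1. Deny policy for the blocked source. Inbound traffic that matches a VIP is
#    DNAT'd before policy lookup, so a deny policy with dstaddr "all" does not
#    match it unless match-vip is enabled. That is why the deny shows no hits
#    while the traffic is still allowed through and only IPS drops it later.
config firewall policy
    edit 10
        set name "deny-blocked-src"
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "blocked-src"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set match-vip enable
        set logtraffic all
    next
    # The deny must sit above the VIP allow policy (assumed id 20) in the
    # policy table; policies are evaluated top-down, first match wins.
    move 10 before 20
end

# 2. Alternative from the last reply: a local-in policy on the WAN interface.
#    Local-in policies govern traffic addressed to the FortiGate's own
#    interface IPs (management, VPN, etc.), so verify with the Policy Lookup
#    tool or the forward/local traffic logs that this is the path your flow
#    actually takes.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "blocked-src"
        set dstaddr "all"
        set action deny
        set service "ALL"
        set schedule "always"
    next
end
```

After applying either change, confirm the hit counter on policy 10 (or the local-in policy) increments and that the IPS log no longer shows the drops for that source.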