Hi Fortinet Techs!
I have a question regarding IPS (maybe the full security bundle instead): is it possible to quarantine a user and/or device if there is any threat found between the endpoint / destination?
I know it's possible to de-block a user/device if an administrator quarantines the user/device by himself. But is it possible to automate this process?
Thanks in advance!
Fortinet Network Security Professional (NSE4)
Hello,
Yes, you can set the IPS sensor to quarantine the IP; then it is, apart from the host being blocked, also quarantined for the time span you choose.
Regards,
Ralph
Ralph1973 wrote:
Hello,
Yes, you can set the IPS sensor to quarantine the IP; then it is, apart from the host being blocked, also quarantined for the time span you choose.
Regards,
Ralph

Where can I pick the option to block the Host OR the IP? Or does IPS block both at the same time?
Thanks for the quick answer though!
The situation I would like to see: if a client visits a malware which is being blocked by IPS, the client will be blocked from the network/internet. At this moment the malicious website gets quarantined by the IPS engine.
Fortinet Network Security Professional (NSE4)
Hello,
Ah, now I understand. Well, I think this is only possible by using Webfilter. The client is not quarantined then, but rather he gets a block page.
However, you can also configure client reputation, see http://docs.fortinet.com/uploaded/files/1655/monitoring-your-network-using-client-reputation.pdf
Ralph1973 wrote:
Hello,
Ah, now I understand. Well, I think this is only possible by using Webfilter. The client is not quarantined then, but rather he gets a block page.
However, you can also configure client reputation, see http://docs.fortinet.com/uploaded/files/1655/monitoring-your-network-using-client-reputation.pdf

Thanks for the answer.
I know it's possible to block an endpoint completely, but maybe that's only possible while the endpoint has the FortiClient installed? Am I correct?
Fortinet Network Security Professional (NSE4)
Hello Razor, to be honest, I know there are some options, but never had this implemented. So I cannot give you a satisfying answer, I'm afraid.
Kind regards,
Ralph