Hello guys,
in our Fortigate we have list of few hundreds dynamically assigned IPs in Quarantine.
And I found this topic, where is some Quarantined MAC addresses are automaticaly filled into Address Group list named Quarantine Devices.
https://docs.fortinet.com/document/fortigate/6.4.0/administration-guide/900942/quarantine
So I am courious is there some way to do similiar thing with our list of IP addresses?
We want to create deny rule in firewall with this address group.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I suppose you could just use regular address objects/groups in regular firewall policies? Just need to name them appropriately and treat them as quarantined addresses.
You can easily plug them into deny firewall policies, or into local-in policies (if the goal is to protect FortiGate's services, e.g .SSL-VPN)
As far as I can tell there is no built-in solution to funnel IP bans into address objects, but you can use the API to get a JSON of the current list. You can then process it further yourself.
You can get it with a GET request for /api/v2/monitor/user/banned/ .
Hi, please check this article as well
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1663 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.