- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Quarantined IP Address Group
Hello guys,
in our Fortigate we have list of few hundreds dynamically assigned IPs in Quarantine.
And I found this topic, where is some Quarantined MAC addresses are automaticaly filled into Address Group list named Quarantine Devices.
https://docs.fortinet.com/document/fortigate/6.4.0/administration-guide/900942/quarantine
So I am courious is there some way to do similiar thing with our list of IP addresses?
We want to create deny rule in firewall with this address group.
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I suppose you could just use regular address objects/groups in regular firewall policies? Just need to name them appropriately and treat them as quarantined addresses.
You can easily plug them into deny firewall policies, or into local-in policies (if the goal is to protect FortiGate's services, e.g .SSL-VPN)
As far as I can tell there is no built-in solution to funnel IP bans into address objects, but you can use the API to get a JSON of the current list. You can then process it further yourself.
You can get it with a GET request for /api/v2/monitor/user/banned/ .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, please check this article as well
![](/skins/images/03B6F9D09B0B73D4E0068FD5D5412A2D/responsive_peak/images/icon_anonymous_message.png)