Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
KubaG
New Contributor

Created on ‎11-12-2024 04:53 AM

Quarantined IP Address Group

Hello guys,

 

in our Fortigate we have list of few hundreds dynamically assigned IPs in Quarantine.

And I found this topic, where is some Quarantined MAC addresses are automaticaly filled into Address Group list named Quarantine Devices. 

https://docs.fortinet.com/document/fortigate/6.4.0/administration-guide/900942/quarantine

 

So I am courious is there some way to do similiar thing with our list of IP addresses? 

We want to create deny rule in firewall with this address group. 

 

2024-11-12_13h43_23.png

 

 

 

Labels:
159
0 Kudos
2 REPLIES 2
pminarik
Staff
Staff

Created on ‎11-12-2024 06:05 AM

I suppose you could just use regular address objects/groups in regular firewall policies? Just need to name them appropriately and treat them as quarantined addresses.

You can easily plug them into deny firewall policies, or into local-in policies (if the goal is to protect FortiGate's services, e.g .SSL-VPN)

 

As far as I can tell there is no built-in solution to funnel IP bans into address objects, but you can use the API to get a JSON of the current list. You can then process it further yourself.

You can get it with a GET request for /api/v2/monitor/user/banned/ .

[ corrections always welcome ]
142
0 Kudos
arahman
Staff
Staff

Created on ‎11-12-2024 02:16 PM

Hi, please check this article as well

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Automation-script-to-BAN-Brute-Force-attac...

111
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.