View IPS Quarantined IPs and why doesn't block work?
Hi All,
We have 2 x FortiGate 300Cs in Active/Passive running 5.2.4.
We are currently being battered by thousands of SQL injection attempts. Most seem to be being blocked by the IPS rules I have set, but our webserver log IS showing SQL injection attempts! Any idea why?
For now I have changed the "Block ALL" option to "Quarantine for 1 hour" and that seems to have stopped it for a bit!
How do I view a list of quarantined IPs?
Thanks in advance.
Dave
I have the same Q. Maybe there is a Fortinet tech guy who is able to answer this question? :)
Fortinet Network Security Professional (NSE4)
Hi, have you
- configured the correct IPS sensor
- put that sensor in the policy that is used?
Is the traffic coming from the internet or from the inside (also possible)?
Configure the extended IPS database (temporarily):
    config ips global
        set database extended
    end
and make sure that the sensor has all signatures needed.
Hope this helps
P.S. The quarantined IPs are listed under User, Monitor.
Kind regards,
Ralph Willemsen
Arnhem, Netherlands
