Hello guys
I noticed that a certain ip tried to invade a web server and IPS dropped that attempt, but soon after that same ip tried several more times. Is there a way to configure FGT to automatically block this ip for minutes or hours, so you can not keep trying every second? or that it is inserted into a blacklist?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
See the following and enable IPS utm profile quarantine feature:
https://forum.fortinet.com/tm.aspx?m=151871
Quarantine list is maintained by kernel and is more efficient in cpu usage in terms of blocking quarantined client connections.
Hello,
it's possibilite with quarantine, you can set the time.You can then check the blocked IPs on monitor> quarantine monitor.
See the following and enable IPS utm profile quarantine feature:
https://forum.fortinet.com/tm.aspx?m=151871
Quarantine list is maintained by kernel and is more efficient in cpu usage in terms of blocking quarantined client connections.
Hello,
it's possibilite with quarantine, you can set the time.You can then check the blocked IPs on monitor> quarantine monitor.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1698 | |
1092 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.