Hi folks,
I am trying to block unwanted incoming traffic from specified IP addresses, but it doesn't work.
Interface wan2 is connected to the internet and the internal interface to my internal network. The FortiOS version is 7.2.5.
Regards.
Create a local-in policy: https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/363127/local-in-policy#:~:te....
Hello @qalam ,
Thank you for contacting the Fortinet Forum page.
As suggested by my colleague @spoojary, you can create a local-in policy, which would block before processing further to a firewall policy.
Local-in policy | FortiGate / FortiOS 7.2.5 | Fortinet Document Library
But in order to check why it is not blocking the incoming traffic based on the firewall policy, I would recommend verifying the logs under Log & Report -> forward logs.
- Also verify whether any virtual IPs are configured on the internal private address; if yes, configure match-vip enable under the firewall policy, which is available from the CLI.
Refer to the links below for guidance:
- Make sure to move the firewall policy all the way to the top.
Best regards,
Manasa.
If you feel the above steps helped to resolve the issue, mark the reply as solved so that other customers can find it easily while searching for similar scenarios.
@mpeddalla @spoojary Thank you, the best solution is to use local-in-policy because it's impossible to create a VIP in my case. The incoming traffic is targeting my wan interface, and I am not publishing a service to the internet or forwarding certain traffic to my internal network.
Hello @qalam ,
Thank you for confirming. If you would like to create a local-in policy, use the link below:
https://docs.fortinet.com/document/fortigate/7.2.5/administration-guide/363127
Best regards,
Manasa.
Hi @qalam
If multiple unwanted IPs are hitting, you can create an address group, add all the unwanted IPs to the group, call it in the local-in policy as destination with your WAN IP as source, and set the action to deny.
Regards,
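The local-in policy and address group discussed in this thread, written out as a FortiOS CLI sketch. This is an added example, not taken from any reply or from Fortinet's documentation: the object names and the 203.0.113.x / 198.51.100.x addresses are constructed placeholders, and only the interface name wan2 comes from the original question.

```text
# Address objects for the unwanted sources (constructed sample values)
config firewall address
    edit "blocked-host-1"
        set subnet 203.0.113.10 255.255.255.255
    next
    edit "blocked-net-1"
        set subnet 198.51.100.0 255.255.255.0
    next
end

# Group them so the policy stays a single entry as the list grows
config firewall addrgrp
    edit "blocked-sources"
        set member "blocked-host-1" "blocked-net-1"
    next
end

# Local-in policy: applies to traffic addressed to the FortiGate itself
# arriving on wan2. Inbound packets carry the unwanted address as their
# source, so the group is matched with srcaddr.
config firewall local-in-policy
    edit 1
        set intf "wan2"
        set srcaddr "blocked-sources"
        set dstaddr "all"
        set service "ALL"
        set schedule "always"
        set action deny
        set status enable
    next
end

# Log local-in denies so the block can be confirmed in the local traffic log
config log setting
    set local-in-deny-unicast enable
end

# Check that packets from a blocked source still arrive but get no reply
diagnose sniffer packet wan2 'host 203.0.113.10' 4
```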