Support Forum
RonBrow
New Contributor

FortiGate 7.0.16: block all public IP addresses

I recently added a cellular internet backup service to our FortiGate. For the last 2 or 3 weeks I have received over 1000 "Login Denied" email alerts. I would like to block all public IP addresses but I have not found a good step by step using the web interface (I don't use CLI). Can someone point me in the right direction?

I have a FortiGate FG60F with version 7.0.16 build0667. I currently have the backup internet unplugged.

Ron
1 Solution
dingjerry_FTNT

Hi @RonBrow ,

To block all public IP addresses, you may just disable Allowaccess services on the web interface.

Meanwhile, you may create a Local-in policy on the web interface with all public IP addresses as the source and a Deny action.

https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/363127/local-in-policy

What you can do:

1) Create one local-in policy, create private subnets as firewall address objects and apply them in this local-in policy with Allow action if you need to allow private subnets to access this interface; otherwise, skip this step.

2) Create a second local-in policy below the first one, use "all" for source/destination addresses and Deny action.

This will block/deny all public IP addresses from accessing this web interface only.

Regards,

Jerry

Toshi_Esumi
SuperUser

By the way, 1000 failed attempts over 2 weeks means 71.4/day. That's actually not bad. I think I got many more SSL VPN failed attempts at my home FGT until I blocked almost all except a few known source IPs with a set of local-in policies.
In 7.4 and before, local-in policies can be configured only in the CLI. It might be a good opportunity to learn the CLI.

Toshi
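Since Jerry's two-policy layout and Toshi's "allow a few known sources, deny the rest" approach are the same local-in policy pattern, here is the FortiOS 7.0 CLI form of it, as an added example that is not from either reply or from Fortinet's documentation. The interface name "wan2", the address object names, and the restriction to the HTTPS and SSH services are assumptions (the original post does not name the cellular interface); substitute your own.

```fortios
# Assumption: "wan2" is the cellular backup interface. First remove the
# management services the interface answers to at all (Jerry's first suggestion).
config system interface
    edit "wan2"
        unset allowaccess
    next
end

# Address objects for the private ranges that should still reach the firewall
# itself (Jerry's step 1). Names are constructed for this example.
config firewall address
    edit "RFC1918-10"
        set subnet 10.0.0.0 255.0.0.0
    next
    edit "RFC1918-172"
        set subnet 172.16.0.0 255.240.0.0
    next
    edit "RFC1918-192"
        set subnet 192.168.0.0 255.255.0.0
    next
end

# Local-in policies are evaluated top-down: the allow entry must sit above
# the catch-all deny (Jerry's step 2), so it gets the lower ID.
config firewall local-in-policy
    edit 1
        set intf "wan2"
        set srcaddr "RFC1918-10" "RFC1918-172" "RFC1918-192"
        set dstaddr "all"
        set service "HTTPS" "SSH"
        set schedule "always"
        set action accept
    next
    edit 2
        set intf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set service "HTTPS" "SSH"
        set schedule "always"
        set action deny
    next
end
```

The deny entry is scoped to the management services rather than "ALL" on purpose: a local-in deny on "ALL" also drops traffic terminated by the FortiGate itself on that interface, such as IPsec IKE or SSL VPN, and on a backup WAN link that is usually not what you want. Local-in policies only govern traffic destined to the firewall; forwarded traffic is still controlled by the normal firewall policies.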
