Umesh
Contributor

How to block 5000 public IPs

Hi All, 

We have to block around 5000 public IPs on a FortiGate 1200D firewall; I got a security advisory for this from our organization.

I would just like to know from you all if there is any flexible solution for it, as this is a very lengthy task for me since we have to block the IPs one by one.

Let me give an example:

Source IP would be - 193.X.X.X

Destination - 11.X.X.X

Service - any, and port no. 449 also blocked.


Thank you in advance.

 

sw2090
Honored Contributor

You would have to generate the CLI script from e.g. a list of IPs and then run that on the CLI or import it via the GUI. I don't know any other way.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

Umesh

Well,

Could you please describe how to do it and what the method is, and also please write the steps here on how to do it on the FortiGate 1200D.

 

Thank you for replying on it.

Sachin_Alex_Cherian_

Hi,

If the IP list can be maintained on a server, FG can be configured to pull the IP list from the server by adding an external threat feed. If this option interests you, you can have a look at the link below:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-External-threat-list-threat-feed-blocked-v...

 

Regards,
Sachin.
ede_pfau
Esteemed Contributor III

Some time ago I developed a Python script to create a FortiOS blacklist from a simple list of IPs. You can find it here


Ede

"Kernel panic: Aiee, killing interrupt handler!"
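
The "generate a CLI script from a list of IPs" approach suggested in the replies above, as an added example (not code from this thread and not the script Ede refers to). It validates and de-duplicates a plain IP list and emits FortiOS `config firewall address` / `config firewall addrgrp` commands; the object names, the group name and the chunk size are assumptions, and the deny policy that references the groups is not generated.

```python
import ipaddress

# Constructed sample input: one IPv4 address or CIDR per line.
SAMPLE = """\
# advisory blocklist (constructed sample, documentation ranges)
198.51.100.7
203.0.113.0/28
198.51.100.7
not-an-ip
203.0.113.200
"""

def parse_ips(text):
    """Return (sorted unique IPv4 networks, rejected lines)."""
    nets, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            rejected.append(line)             # report bad lines, never guess
            continue
        if net.version != 4:
            rejected.append(line)
            continue
        nets.add(net)                         # the set removes duplicates
    return sorted(nets), rejected

def build_script(nets, prefix="blk", group="Blocklist", chunk=300):
    """Emit FortiOS CLI text: one address object per entry, grouped in chunks.
    prefix, group and chunk are assumed values; size chunk to your model's limits."""
    names = [f"{prefix}_{n.network_address}_{n.prefixlen}" for n in nets]
    out = ["config firewall address"]
    for name, n in zip(names, nets):
        out += [f'    edit "{name}"',
                f"        set subnet {n.network_address} {n.netmask}",
                "    next"]
    out += ["end", "config firewall addrgrp"]
    for i in range(0, len(names), chunk):
        members = " ".join(f'"{m}"' for m in names[i:i + chunk])
        out += [f'    edit "{group}_{i // chunk + 1}"',
                f"        set member {members}",
                "    next"]
    out.append("end")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    nets, bad = parse_ips(SAMPLE)
    print(build_script(nets, chunk=2))
    print("# rejected lines:", bad)
```

Review the rejected lines before applying the output, since a silently skipped entry is an address that stays unblocked.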