Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

how to block External IP

I am new to useing this fortinet60 and I would like to know how to Block an range of external IP' s , such as - I bet its easy to do but I must be mising something. Thanx in advance for any help
Not applicable

Make sure the rule is ON TOP of the rule list. rules are evaluated in order!
New Contributor

Yes, it' s 1st policy at the top of the list.
Not applicable

What is the spec of your deny rule?
Not applicable

I do not know what your actual configuration is like but I will give you an example. Note: This stupid forum keeps messing up my nice lay-out so you have to look a little close a the examples. VIP I do not know if its a static VIP or a Port Forwarding so ill give you both. A Port Forward:
 PF_HTTP    wan1/EXTERNAL_IP   tcp/80    INTERNAL_IP  tcp/80
or in case of static VIP:
Policy Well next comes the policy part. You will need two policy' s, a deny first for the address that are giving you problems and a accept for all the rest. You will need to make a object for all the address and put them into a group. Ill will call this group GRP_AC_DENY for this example. I am also going to user PF_HTTP as destination. So if you have a static VIP use the other VIP ST_SRV.
 WAN1 -> Internal 
 SRC             DST       Schedule    Service    Action
 GRP_AC_DENY     PF_HTTP   always        HTTP     DENY
 all             PF_HTTP   always        HTTP     ACCEPT
That should do the trick. This will deny all access from the group and give access to all others. Hope it helps. Regards, Adrian
Top Kudoed Authors