Dear All,
Greetings,
I just want to know whether there is any feasible solution in FortiGate if I want to block bulk public IPs.
For example - 1.1.1.1/32
Note - I have to block around 2500 public IPs in our organization at the FortiGate firewall.
So could anyone please help me understand how to block these IPs?
Please also share a road map to block these IPs if you know one.
Thank you
Hi Team,
The best way is to use threat feeds.
Please follow this article for the same:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/9463/threat-feeds
You can use this article for the same.
You require a web server where you host one text file with all those IP addresses.
Hi dear,
Are there any external servers we need to create, or something else we have to do for it?
Yes, you have to host the block list on an HTTP server in your network if it is a custom block list, not one bought from a third-party provider. Then you create an External Fabric connector with the URL of this server for the FortiGate to download the feed.
See screenshot attached. For more details you can also see my post here: Using external threat feeds in FortiGate has become much easier with 6.0 and 6.2 versions
HTH
Dear Umesh,
You can use a web server, on the internal or external network, that the FortiGate can reach to retrieve the list of IP addresses you have added.
Like in the article below:
config system external-resource
    edit "test-external-iplist-1"
        set status enable
        set type address
        set username ''
        set password ENC
        set comments ''
        set resource "http://10.6.30.55/ip_list_test/test-external-iplist-2.txt" <---
        set refresh-rate 15
    next
end
So you can put the file on the web server where it can be reached over HTTP.
Best Regards,
Vasil
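The feed file the answers above rely on is just a text file with one IP or subnet per line. As an added example (not code from this thread or from Fortinet), here is a Python script that turns a raw list of entries into that file: it rejects lines that do not parse, refuses anything overlapping private or reserved ranges (one stray RFC 1918 entry in a 2500-line list could cut off internal traffic), and collapses duplicates and hosts already covered by a subnet. The sample list, the file name blocklist.txt and the NEVER_BLOCK ranges are constructed assumptions.

```python
import ipaddress

# Constructed sample export of a blocklist as it might arrive from a ticket
# or a spreadsheet: mixed notations, duplicates, a range, an RFC 1918
# address that must never reach the firewall, and a typo.
RAW_LIST = """
1.1.1.1
1.1.1.1/32
203.0.113.0/24
203.0.113.77
198.51.100.10 - 198.51.100.20
192.168.5.4
203.0.113.300
"""

# Ranges that must never appear in a public-IP block feed (assumed policy).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]

def parse_line(line):
    """Turn one raw line into a list of IPv4 networks (a range may expand to several)."""
    if "-" in line:
        start, end = (p.strip() for p in line.split("-", 1))
        return list(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)))
    return [ipaddress.IPv4Network(line, strict=False)]

def build_feed(raw):
    """Return (feed_lines, rejected): accepted networks collapsed and
    deduplicated as one CIDR per line, plus rejected lines with a reason."""
    accepted, rejected = [], []
    for line in raw.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            nets = parse_line(line)
        except ValueError:
            rejected.append((line, "unparseable"))
            continue
        for net in nets:
            if any(net.overlaps(bad) for bad in NEVER_BLOCK):
                rejected.append((line, "overlaps a private/reserved range"))
            else:
                accepted.append(net)
    # collapse_addresses merges duplicates and hosts already covered by a subnet,
    # so 1.1.1.1 and 1.1.1.1/32 become one line and 203.0.113.77 folds into its /24.
    feed = [str(n) for n in ipaddress.collapse_addresses(accepted)]
    return feed, rejected

if __name__ == "__main__":
    feed, rejected = build_feed(RAW_LIST)
    with open("blocklist.txt", "w") as fh:  # the file the external-resource URL points at
        fh.write("\n".join(feed) + "\n")
    print(f"{len(feed)} feed entries written, {len(rejected)} rejected: {rejected}")
```

Publish blocklist.txt on the web server named in the external-resource `resource` URL; the resulting feed object can then be used as srcaddr in a deny firewall policy for transit traffic, or in a local-in-policy for traffic aimed at the FortiGate itself.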
Hi,
One way to block access to your FortiGate from the public IPs is to configure a local-in-policy.
For example:
Configure an address object:
config firewall address
    edit "public_IP_to_block"
        set subnet 1.1.1.0 255.255.255.0
    next
end
If you have multiple subnets to block, you can configure more address objects and make an address group.
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "public_IP_to_block" <--- address object or address group
        set dstaddr "all" <--- it can be "all", or you can define an address object (e.g. to block access to WAN1, configure an address object for that WAN IP)
        set action deny
        set service "ALL"
        set schedule "always"
    next
end
Hi Mahboob,
I have around 5000 IPs which have to be blocked in the Fortinet firewall. Do you know whether it is possible to block them one by one? As far as I know, it is very tough work for me. Do you have any feasible solution for it?
Hi Umesh,
You can configure as many address objects as you like (even of different types), make an address group of all these address objects, and set that group as the srcaddr in the local-in-policy.
And if in future you need to add any new address object, just create it and add it to the address group.
Below is an example for your reference.
config firewall address
    edit "1"
        set type iprange
        set start-ip 10.10.10.0
        set end-ip 10.10.10.200
    next
    edit "2"
        set type geography
        set country "AU"
    next
    edit "3"
        set subnet 172.16.0.0 255.255.0.0
    next
end
config firewall addrgrp
    edit "block_groupe"
        set member "1" "2" "3"
    next
end
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "block_groupe"
        set dstaddr "all"
        set action deny
        set service "ALL"
        set schedule "always"
    next
end
Copyright 2024 Fortinet, Inc. All Rights Reserved.