Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
junior
New Contributor II

Created on ‎03-15-2022 12:30 AM

how to block specific external IP avoiding from VPN login?

Hi all, as title, a stranger attempts to login our VPN from a specific external IP such as 85.56.83.8, do you know how to block it? or any other solutions?

Thanks in advance.

Labels:
4750
0 Kudos
8 REPLIES 8
Toshi_Esumi
SuperUser
SuperUser

Created on ‎03-15-2022 09:16 AM

General answer would be "local-in policy" described in below post.

https://community.fortinet.com/t5/Fortinet-Forum/How-to-block-external-IP-to-avoid-connection-from-i...

 

Toshi

4668
sharmaj
Staff
Staff

Created on ‎03-16-2022 01:17 AM

Hi ,

 

If you have multiple such IPs, you can actually block them using the IP threat feed database and add that into the policy pertaining to VPN.

 

https://docs.fortinet.com/document/fortigate/6.2.0/new-features/625349/external-block-list-threat-fe...

Jay sharma
4650
ede_pfau
SuperUser
SuperUser

Created on ‎03-16-2022 03:04 AM

AFAICT, threat feed cannot be used in local-in policies.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
4641
junior
New Contributor II
In response to ede_pfau

Created on ‎03-16-2022 03:08 AM

is there any other advice?

4638
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎03-16-2022 03:12 AM

local-in policy is the way to go. It's effective and available. What else do you need?

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
4636
junior
New Contributor II
In response to ede_pfau

Created on ‎03-17-2022 02:06 AM

Hi, it's like the commands?

config firewall local-in-policy
edit 0
set intf "WAN"
set srcaddr "81.59.52.3"
set dstaddr "all"
set service "ALL"
set schedule "always"

4597
0 Kudos
ede_pfau
SuperUser
SuperUser
In response to junior

Created on ‎03-17-2022 03:57 AM

Yup. Default action is DENY and will not show up using "show", but when you use "show full". Check to be sure.

Over time you will collect some number of 'hostile' public IPs. Put them into an address group and use the group in the local-in policy. This way, to add an address, you only have to edit the group and can leave the policy alone.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
4589
Debbie_FTNT
Staff
Staff
In response to junior

Created on ‎03-17-2022 04:02 AM

Hey junior,

that looks about right - it should block that 81.59.52.3 IP from accessing the FortiGate.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
4588
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.