Description
This article explains how to block some of the specific public IP address to enter the internal network of the FortiGate to protect the internal network.
Solution
Step1: Create an address object
Go to Policy & Objects -> Addresses
Click on 'create new' and 'Address'
Category: Address
Name: Provide any name
Type: Subnet
Subnet / IP Range : x.x.x.x/32 where x.x.x.x is the specific public IP it is required to block
x.x.x.x/24 where x.x.x.x is the subnet it is required to block and /24 is the subnet
Name: Provide any name
Type: Subnet
Subnet / IP Range : x.x.x.x/32 where x.x.x.x is the specific public IP it is required to block
x.x.x.x/24 where x.x.x.x is the subnet it is required to block and /24 is the subnet
Interface: Any
Click on 'OK' to apply the changes
Click on 'OK' to apply the changes
Step2: Create IPv4 Policy
Go to Policy & Objects -> IPv4 policy
Go to Policy & Objects -> IPv4 policy
Click on 'create new '
Name: Provide any name
Incoming interface: WAN interface
Outgoing interface: LAN interface
Source: Select the address object, created above.
Destination: set it to "all"
Schedule: Always
Services: All
Action: Deny
NAT: Enable
Security Profiles:
Enable IPS
Name: Provide any name
Incoming interface: WAN interface
Outgoing interface: LAN interface
Source: Select the address object, created above.
Destination: set it to "all"
Schedule: Always
Services: All
Action: Deny
NAT: Enable
Security Profiles:
Enable IPS
Click on 'OK' and place this policy to the top of the IPv4 policy list (by drag and drop) from the ID column.
