FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 195128


This article explains how to block some of the specific public IP address to enter the internal network of the FortiGate to protect the internal network.


Step1: Create an address object

Go to Policy & Objects -> Addresses
Click on 'create new' and 'Address'

Category: Address
Name: Provide any name
Type: Subnet
Subnet / IP Range :   x.x.x.x/32   where x.x.x.x is the  specific public IP it is required to block
                                  x.x.x.x/24   where x.x.x.x is the subnet it is required to block and /24 is the subnet
Interface: Any
Click on 'OK' to apply the changes
Step2: Create IPv4 Policy

Go to Policy & Objects -> IPv4 policy
Click on 'create new '
Name: Provide any name
Incoming interface: WAN interface
Outgoing interface: LAN interface
Source: Select the address object, created above.
Destination: set it to "all"
Schedule: Always
Services: All
Action: Deny
NAT: Enable
Security Profiles:
Enable IPS
Click on 'OK' and place this policy to the top of the IPv4 policy list (by drag and drop) from the ID column.