This article explains how to block specific public IP addresses from entering the internal network behind the FortiGate, in order to protect that network.
Step 1: Create an address object
Go to Policy & Objects -> Addresses.
Click on 'Create New' and select 'Address'.
Category: Address
Name: Provide any name
Type: Subnet
Subnet / IP Range:
  x.x.x.x/32, where x.x.x.x is the specific public IP address to block, or
  x.x.x.x/24, where x.x.x.x is the subnet to block and /24 is the subnet mask
Interface: Any
Click on 'OK' to apply the changes.
Step 2: Create an IPv4 policy
Go to Policy & Objects -> IPv4 Policy.
Click on 'Create New'.
Name: Provide any name
Incoming interface: WAN interface
Outgoing interface: LAN interface
Source: Select the address object created above
Destination: Set it to "all"
Schedule: Always
Services: All
Action: Deny
NAT: Enable
Security Profiles: Enable IPS
Click on 'OK' and move this policy to the top of the IPv4 policy list (by drag and drop from the ID column).
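Why the deny policy has to sit at the top of the list: the following is an added example, not part of the original article or Fortinet's code. It models top-down, first-match policy evaluation on the source address only and reports deny policies that an earlier accept policy makes unreachable. The policy names and the documentation-range addresses are constructed for illustration.

```python
import ipaddress

# Constructed policy tables (top of the list is evaluated first).
# Names and addresses are hypothetical. Each entry: (name, source subnet, action).
# Assumption: interfaces, destination and service match for every policy,
# so only the source address decides which policy is hit.
DENY_AT_TOP = [
    ("block-bad-host", "203.0.113.45/32", "deny"),
    ("block-bad-net", "198.51.100.0/24", "deny"),
    ("inbound-web", "0.0.0.0/0", "accept"),
]
DENY_BELOW_ACCEPT = [DENY_AT_TOP[2], DENY_AT_TOP[0], DENY_AT_TOP[1]]


def first_match(policies, src_ip):
    """Return (name, action) of the first policy whose source contains src_ip.

    Traffic that matches no policy falls through to the implicit deny.
    """
    ip = ipaddress.ip_address(src_ip)
    for name, subnet, action in policies:
        if ip in ipaddress.ip_network(subnet):
            return name, action
    return "implicit-deny", "deny"


def shadowed_denies(policies):
    """List (deny policy, shadowing policy) pairs where an earlier accept
    policy already covers the deny policy's entire source range."""
    shadowed = []
    for i, (name, subnet, action) in enumerate(policies):
        if action != "deny":
            continue
        net = ipaddress.ip_network(subnet)
        for prev_name, prev_subnet, prev_action in policies[:i]:
            if prev_action == "accept" and net.subnet_of(ipaddress.ip_network(prev_subnet)):
                shadowed.append((name, prev_name))
                break
    return shadowed


if __name__ == "__main__":
    for label, table in (("deny at top", DENY_AT_TOP),
                         ("deny below accept", DENY_BELOW_ACCEPT)):
        print(label, first_match(table, "203.0.113.45"), shadowed_denies(table))
```

With the deny policies below the accept policy, the blocked /32 and /24 sources are still accepted, which is the situation the drag-and-drop step prevents.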