
How to block traffic based on hostname or FQDN of bad bots on Fortigate 60D

Hey, I hope someone can help me. I use a Fortigate 60D as my external firewall. I have a Windows 2019 web server running a website on IIS. I am getting lots of robots on my website. I have already blocked other countries by adding a country block. It works perfectly. But now I am dealing with bad bots based in the United States visiting my website. This is an example of a visitor I would like to block:


ISP: The Shadow Server Foundation
Usage type: Data Center/Web Hosting/Transit
Country: United States
City: Pleasanton, California

I believe the way to block this is by

1) Creating an FQDN entry under Policy & Objects > Addresses with or * (wildcard) - or do I need to do both?

2) Then creating an IPv4 Policy to "Deny" incoming traffic to the FQDN address I created.


Is that correct? Am I missing something?


Also, in some cases the hostname and domain name of some of the bad bots are different. Which of the two do I select as the FQDN? I want to make sure I don't accidentally block good traffic.


If anyone could clear things up for me, that would be helpful. I am new to Firewalling but so far I love Fortigate. Seems like the community is pretty robust and willing to help.


PS: I have seen videos that teach how to block common bots and bad actors with threat feeds, but I think I need to subscribe to FortiGuard, and I am not subscribed to it.


You can definitely use the wildcard as an object, in the * format.

If you block the botnet you must enable IPS on your policy with the VIP:



I suggest you pay for and enable FortiGuard services.
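
Added example, not part of the thread: a firewall FQDN address object matches on the IP addresses the name resolves to (forward DNS), not on the reverse hostname a lookup tool shows for a visitor. The sketch below models that with constructed DNS tables (every name and address is made up, and the function names are hypothetical) to show which visitors an FQDN-based deny rule would catch and whether each visitor's reverse name is forward-confirmed.

```python
"""Model of how an FQDN address object matches inbound source addresses."""
import ipaddress

# Constructed stand-ins for DNS; all names and addresses are made up.
FORWARD = {  # A records: name -> addresses (what the firewall would resolve)
    "scan-01.bots.example.net": ["192.0.2.10"],
    "bots.example.net": ["192.0.2.10", "192.0.2.11"],
    "crawler.search.example.org": ["198.51.100.7"],
}
REVERSE = {  # PTR records: address -> hostname published by the IP's owner
    "192.0.2.10": "scan-01.bots.example.net",
    "192.0.2.11": "host11.hosting.example.com",   # PTR differs from the domain
    "198.51.100.7": "crawler.search.example.org",
    "203.0.113.5": "crawler.search.example.org",  # PTR with no matching A record
}


def fqdn_object_ips(fqdn, forward=FORWARD):
    """IPs an FQDN object would hold: the result of the forward lookup only."""
    return {ipaddress.ip_address(a) for a in forward.get(fqdn, [])}


def forward_confirmed(ip, forward=FORWARD, reverse=REVERSE):
    """True when the PTR name of `ip` resolves back to `ip` (FCrDNS)."""
    name = reverse.get(ip)
    if name is None:
        return False
    return ipaddress.ip_address(ip) in fqdn_object_ips(name, forward)


def evaluate(visitors, blocked_fqdns):
    """Return {ip: (denied_by_fqdn_rule, ptr_name, ptr_forward_confirmed)}."""
    deny_set = set()
    for fqdn in blocked_fqdns:
        deny_set |= fqdn_object_ips(fqdn)
    return {
        ip: (ipaddress.ip_address(ip) in deny_set,
             REVERSE.get(ip),
             forward_confirmed(ip))
        for ip in visitors
    }


if __name__ == "__main__":
    seen = ["192.0.2.10", "192.0.2.11", "203.0.113.5"]  # constructed visitor IPs
    for blocked in (["scan-01.bots.example.net"], ["bots.example.net"]):
        print("deny rule on", blocked)
        for ip, row in evaluate(seen, blocked).items():
            print("  ", ip, row)
```

A visitor whose reverse name is not forward-confirmed will not be caught by an FQDN object built from that name, so check what the name actually resolves to before relying on it in a deny policy.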