Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

List of IP Addresses

I was recently given a list of IP Addresses from the NCUA (Credit Union version of the FDIC) that may be associated with a series of intrusion activities against the financial sector. Is there somewhere in the Fortigate 100C and 60C that this list can be input/added to block these IP Addresses? Thank you
New Contributor

I don' t know of a super easy way to block a list of specific IPs without going into Policy & Objects > Objects > Addresses and adding them individually by range or subnet. Then creating a a policy to deny those addresses from coming in the WAN port. I don' t believe there is a way to import a list of IPs into one address object.
New Contributor

I was afraid of that. The list is pretty long. That can be a lot of manual entries.

You can script it...I would recommend something along the following: 1. Have your list of ips with each IP/subnet on its' own line 2. Using scripting language of your choice, loop through the contents, ie(bash) #!/bin/bash for i in $(cat $1); do echo " edit $i" echo " set subnet $i" echo " next" done 3. Run the above script with your filename as the argument and it will create an output like this which you can just pipe into another file: edit set subnet next edit set subnet next edit set subnet next edit set subnet next etc, etc Not the fanciest solution but would at least allow you to get them added in, after this just get into a CLI window and do " config firewall address" and paste in the contents of the output to create them all.

I once had to block a long list of IP addresses which where gathered from a hostsdeny process (unsuccessful login attempts). As there were around 4.000 addresses I had to split them up into address groups with 500 addresses each. I wrote a python script to do that, to read and recognize the addresses, to create address groups, to fill them up etc. On a 310B it took some 45 minutes to digest these into the running config, uploaded as bulk script. There really is no other way.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Esteemed Contributor III

You can do Warren suggested, but I would caution you, that the smaller unit have a limit number of address you can install. A SOHO model would easily be limited. What you should do is look at writing a IPS rule building a sensor and apply that imho. Managing a big list of address and blackholing particular ip_address could be a disaster. When I worked in the DDoS environment we tried maintain botnet list for the financial sector and it was hit & miss.




PCNSE NSE StrongSwan

This is possible in latest version. Follow this article to configure. You may also download tool from to easily add/remove/view/bulk upload IP address to feed.

My Personal Blog -

My Personal Blog -

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors