Hi:

I have a FG500E.  In a very short time I see about 200,000 blocked (deny policy connections) and 30,000 failed connections.

I created Dos Policies and used the cli to add a 1 year ban to any IP attempting Anomaly attacks.  This works great.  Secondly  too my protect_http_server I changed many signatures to Ban IP.   This works great too.   When I go Fortiview Sources I can only see a list of my own local IPs and I don't want to ban them.  As a result I have no way to Ban blatant attackers.

I can easily see IPs checking every last IP on every port etc.  but do not know how to put an end to them.  My normal sessions can easily grow from 2500 to 8000 with these jokers.  I see on the menu  IP4 Access Control List .   I just want to understand if I understand how it works.   If I watch my Forticloud Logs and see IPs I want stopped - can I make an address Hackerx  IP# Wan1 and then add all the Hackers to a group and then setup an IP access list  select Wan1 , the source address to the hacker Group and then all all to destination and service -  will this effectively ban ever IP in the hacker Group ?  

This is a fair bit of effort but I would sooner ferret these guys out before they find some vulnerability.   If I understand the access Control List incorrectly then is there any other method to lock out known blatant attackers?   I do already use Countries in policies and this also helps a lot.  I usually start wan1 to any interface with a policy  deny all to China and Russia  the two worst perpetrators.  I tend to have to allow USA and Canada   but the US also has a lot of hack attempts.

Thanks,

Scott