5/26/23, 1:15 PM Technical Tip: How to block specific external (pub...

- Fortinet Community

 Help 

Forums  Knowledge Base  Community Groups 

FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat
intelligence security services from FortiGuard labs to deliver top-rated protection and high
performance, including encrypted traffic.

This Board Search here

Fortinet Community  Knowledge Base  FortiGate  Technical Tip: How to block specific external (pub...

spathak
Staff

Created on Edited on By

‎10-16-2019 06:59 AM ‎04-05-2022 05:06 AM Anthony_E

Article Id

195128

Technical Tip: How to block specific external (public) IP address via IPv4
policy
Description

This article explains how to block some of the specific public IP address to enter the internal network of the
FortiGate to protect the internal network.

Solution

Step1: Create an address object

Go to Policy & Objects -> Addresses

Click on 'create new' and 'Address'

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-specific-external-public-IP-address/ta-p/195128 1/5
5/26/23, 1:15 PM Technical Tip: How to block specific external (pub... - Fortinet Community

 
Category: Address
Name: Provide any name
Type: Subnet
Subnet / IP Range :   x.x.x.x/32   where x.x.x.x is the  specific public IP it is required to block
                                  x.x.x.x/24   where x.x.x.x is the subnet it is required to block and /24 is the subnet
 

 
Interface: Any
Click on 'OK' to apply the changes
 
Step2: Create IPv4 Policy

Go to Policy & Objects -> IPv4 policy

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-specific-external-public-IP-address/ta-p/195128 2/5
5/26/23, 1:15 PM Technical Tip: How to block specific external (pub... - Fortinet Community

Click on 'create new '

Name: Provide any name
Incoming interface: WAN interface
Outgoing interface: LAN interface
Source: Select the address object, created above.
Destination: set it to "all"
Schedule: Always
Services: All
Action: Deny
NAT: Enable
Security Profiles:
Enable IPS
 
Click on 'OK' and place this policy to the top of the IPv4 policy list (by drag and drop) from the ID column.
 

FortiGate V5.4 FortiGate V5.6 FortiGate V6.0 FortiGate V6.2

62139 0

Share

Submit Article Idea

Contributors

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-specific-external-public-IP-address/ta-p/195128 3/5