FortiGate IP Ban action

The FortiGate IP Ban action can block all traffic from the source addresses flagged by the FortiGate when the Period Block IP automation stitch is triggered.

In this example, FortiADC will share the quarantined IP with FortiGate in case of an attack, such as a WAF or DDoS attack.

To configure the FortiGate IP Ban automation stitch:

  1. Go to Security Fabric > Automation.
  2. Click Create New.
  3. Enter a name for the stitch.
  4. Select Enable to enable this automation.
  5. Select the trigger Period Block IP.
  6. Select FortiGate IP Ban and configure the settings:
    Name: The action name.
    Delay: The amount of time after the previous action before this action executes, in seconds (0 - 3600, default = 0).
    FortiGate URL: The FortiGate URL.
    FortiGate Token: The FortiGate Token. To get the token, log in to FortiGate, go to System > Administrator, create a new REST API Administrator, then generate an API key.

  7. Click Save.
