{"id":22476,"date":"2025-05-22T10:40:26","date_gmt":"2025-05-22T02:40:26","guid":{"rendered":"https:\/\/cciedump.spoto.net\/blog\/?p=22476"},"modified":"2025-05-22T10:40:30","modified_gmt":"2025-05-22T02:40:30","slug":"how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b","status":"publish","type":"post","link":"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html","title":{"rendered":"How to Block Incoming IP Address on FortiGate Firewall\u200b?"},"content":{"rendered":"\n<p>Unwanted or malicious traffic targeting your network perimeter can originate from a handful of hostile IPs. FortiGate\u2019s rich feature set lets you block these IP addresses at the firewall itself, preventing them from ever reaching your internal resources. In this post, we\u2019ll explore:<\/p>\n\n\n\n<ol><li><strong>FortiGate\u2019s traffic-processing model<\/strong> and why address objects are key<\/li><li>Two primary methods for blocking IPs:<ul><li><strong>GUI-based<\/strong> (Policy &amp; Objects \u2192 Addresses \u2192 Firewall Policy)<\/li><li><strong>CLI-based<\/strong> (<code>config firewall address<\/code>, <code>config firewall policy<\/code>)<\/li><\/ul><\/li><li><strong>Advanced options<\/strong>: Address Groups, Local-In policies, and automated integrations (e.g., Alert Logic)<\/li><li><strong>Troubleshooting tips<\/strong> for common pitfalls<\/li><\/ol>\n\n\n\n<p>By the end, you\u2019ll have a complete toolkit for denying traffic from any source IP on FortiGate firewalls running FortiOS 7.x.<\/p>\n\n\n\n<h2><span class=\"ez-toc-section\" id=\"FortiGate_Traffic_Flow_Address_Objects\"><\/span>FortiGate Traffic Flow &amp; Address Objects<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Before diving into commands, it\u2019s crucial to grasp how FortiGate handles incoming packets:<\/p>\n\n\n\n<ol><li><strong>Packet Arrival<\/strong><br>Packets hit a specific interface (e.g., <code>wan1<\/code> or a VDOM link).<\/li><li><strong>Local-In vs. Forwarding<\/strong><ul><li><strong>Local-In<\/strong> policies govern traffic destined to the FortiGate itself (administrative access, SSL-VPN).<\/li><li><strong>Firewall Policies<\/strong> handle traffic being forwarded through the FortiGate from one interface to another.<\/li><\/ul><\/li><li><strong>Policy Matching<\/strong><br>FortiGate evaluates \u201csource\u201d and \u201cdestination\u201d against <em>address objects<\/em> or <em>address groups<\/em>, then applies the first matching policy (top-down).<\/li><li><strong>Action: ACCEPT or DENY<\/strong><br>If a policy matches and action is DENY, the packet is dropped.<\/li><\/ol>\n\n\n\n<p><em>Address objects<\/em> (single IP, subnet, or range) and <em>address groups<\/em> (collections of objects) are the building blocks. 
By creating an object for a malicious IP and then referencing it in a DENY policy, you effectively block traffic from that IP.<\/p>\n\n\n\n<h2><span class=\"ez-toc-section\" id=\"Method_1_Blocking_via_the_GUI\"><\/span>Method 1: Blocking via the GUI<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>This is often the quickest for ad-hoc blocking, especially if you\u2019re already logged into the FortiGate web console.<\/p>\n\n\n\n<ol><li><strong>Log In<\/strong><br>Open your browser, navigate to <code>https:\/\/&lt;firewall-ip><\/code>, and authenticate with an admin user.<\/li><li><strong>Create an Address Object<\/strong><ul><li>Go to <strong>Policy &amp; Objects<\/strong> \u2192 <strong>Objects<\/strong> \u2192 <strong>Addresses<\/strong>.<\/li><li>Click <strong>Create New<\/strong> \u2192 <strong>Address<\/strong>.<\/li><li>Fill in:<ul><li><strong>Name:<\/strong> <code>block-ip-203.0.113.45<\/code> (choose a descriptive name)<\/li><li><strong>Type:<\/strong> <code>IP\/Netmask<\/code><\/li><li><strong>Subnet\/IP Range:<\/strong> <code>203.0.113.45\/32<\/code><\/li><li><strong>Interface:<\/strong> <code>wan1<\/code> (optional\u2014limits matching to traffic on that interface)<\/li><\/ul><\/li><li>Click <strong>OK<\/strong>.<\/li><\/ul><\/li><li><strong>(Optional) Create an Address Group<\/strong><br>If you anticipate blocking multiple IPs, grouping them simplifies policy management:<ul><li>Go to <strong>Addresses<\/strong> \u2192 <strong>Address Groups<\/strong> \u2192 <strong>Create New<\/strong>.<\/li><li>Name it <code>blacklist<\/code>, then add your address objects to the group.<\/li><\/ul><\/li><li><strong>Create a DENY Policy<\/strong><ul><li>Navigate to <strong>Policy &amp; Objects<\/strong> \u2192 <strong>IPv4 Policy<\/strong> \u2192 <strong>Create New<\/strong>.<\/li><li>Configure:<ul><li><strong>Name:<\/strong> <code>DENY-BlockedIPs<\/code><\/li><li><strong>Incoming Interface:<\/strong> your WAN (e.g., 
<code>wan1<\/code>)<\/li><li><strong>Outgoing Interface:<\/strong> the internal interface (e.g., <code>lan<\/code>)<\/li><li><strong>Source:<\/strong> select your single address object (or <code>blacklist<\/code> group)<\/li><li><strong>Destination:<\/strong> <code>all<\/code> (or specific servers if limiting to particular hosts)<\/li><li><strong>Schedule:<\/strong> <code>always<\/code><\/li><li><strong>Service:<\/strong> <code>ALL<\/code> (or restrict to TCP\/UDP as needed)<\/li><li><strong>Action:<\/strong> <strong>Deny<\/strong><\/li><\/ul><\/li><li>Click <strong>OK<\/strong>.<\/li><\/ul><\/li><li><strong>Reorder If Necessary<\/strong><br>Ensure your DENY policy sits above any general ACCEPT policies so it matches first.<\/li><\/ol>\n\n\n\n<h2><span class=\"ez-toc-section\" id=\"Method_2_Blocking_via_the_CLI\"><\/span>Method 2: Blocking via the CLI<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>For scripted deployments or automation, the CLI is ideal. The core commands revolve around <code>config firewall address<\/code> and <code>config firewall policy<\/code>.<\/p>\n\n\n\n<ul><li><strong>Create the Address Object<\/strong><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">config firewall address\n    edit \"block-ip-203.0.113.45\"\n        set subnet 203.0.113.45 255.255.255.255\n    next\nend<\/code><\/pre>\n\n\n\n<ul><li><strong>(Optional) Create an Address Group<\/strong><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">config firewall addrgrp\n    edit \"blacklist\"\n        append member \"block-ip-203.0.113.45\"\n    next\nend<\/code><\/pre>\n\n\n\n<ul><li><strong>Create the DENY Policy<\/strong><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">config firewall policy\n    edit 0\n        set name \"DENY-BlockedIPs\"\n        set srcintf \"wan1\"\n        set dstintf \"lan\"\n        set srcaddr \"block-ip-203.0.113.45\"\n        # or for group: set srcaddr \"blacklist\"\n        set dstaddr \"all\"\n        set action deny\n        set schedule \"always\"\n        set service \"ALL\"\n        set logtraffic all\n    next\nend<\/code><\/pre>\n\n\n\n<ul><li><strong>Verify Configuration<\/strong><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">show firewall address \"block-ip-203.0.113.45\"\nshow firewall policy | grep DENY-BlockedIPs<\/code><\/pre>\n\n\n\n<h2><span class=\"ez-toc-section\" id=\"Advanced_Option_Local-In_Policy_for_Administrative_Access\"><\/span>Advanced Option: Local-In Policy for Administrative Access<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>If you need to protect the FortiGate itself (SSH, HTTPS) from specific source IPs:<\/p>\n\n\n\n<ul><li><strong>Enable Local-In Policies<\/strong><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">config system global\n    set local-in-policy enable\nend<\/code><\/pre>\n\n\n\n<ul><li><strong>Create a Local-In Policy<\/strong><\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code class=\"\">config firewall local-in-policy\n    edit 0\n        set intf \"wan1\"\n        set srcaddr \"block-ip-203.0.113.45\"\n        set dstaddr \"all\"\n        set action deny\n        # or HTTPS, etc.\n        set service \"SSH\"\n        set schedule \"always\"\n    next\nend<\/code><\/pre>\n\n\n\n<blockquote class=\"wp-block-quote\"><p><strong>Tip:<\/strong> By default, local-in policy is disabled; enabling it gives you fine-grained control over management-plane traffic.<\/p><\/blockquote>\n\n\n\n<h2><span class=\"ez-toc-section\" id=\"Automating_with_Alert_Logic\"><\/span>Automating with Alert Logic<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>For dynamically blocking IPs flagged by threat intelligence or IDS, integrating FortiGate with an automated-response platform like Alert Logic can save time:<\/p>\n\n\n\n<ol><li><strong>Pre-create an Address Group<\/strong> (e.g., <code>alertlogic-blocklist<\/code>).<\/li><li><strong>Configure a Firewall Policy<\/strong> that 
uses this group as the source for a DENY action.<\/li><li><strong>Set Up the Alert Logic Simple Response<\/strong> to:<ul><li>Connect via API to your FortiGate.<\/li><li>Add offending IPs to the address group.<\/li><li>Optionally remove them after a TTL (e.g., 86400 seconds).<\/li><\/ul><\/li><li><strong>Monitor and Audit<\/strong> as Alert Logic updates the group automatically.<\/li><\/ol>\n\n\n\n<p>This approach offloads decision-making to your SIEM\/IDS and keeps firewall policy static, while the address group membership is dynamically managed.<\/p>\n\n\n\n<h2><span class=\"ez-toc-section\" id=\"Troubleshooting_Tips\"><\/span>Troubleshooting Tips<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul><li><strong>Policy Order<\/strong><br>DENY policies must precede ACCEPT policies in the policy list. Use <code>move &lt;id&gt; before &lt;other-id&gt;<\/code> in CLI or drag-and-drop in GUI.<\/li><li><strong>Interface Binding<\/strong><br>If your address object isn\u2019t scoped to an interface, it matches on all interfaces\u2014sometimes unexpectedly. 
Specify the interface if you see no blocks.<\/li><li><strong>Logging<\/strong><br>Enable <code>set logtraffic all<\/code> on DENY policies to verify matches in FortiAnalyzer or the logs.<\/li><li><strong>Cache and Sessions<\/strong><br>Existing sessions may persist; clear them with <code>execute clear session all<\/code> (use cautiously on production).<\/li><li><strong>DNS-Based Blocking<\/strong><br>For dynamic IP changes (e.g., CDNs), consider <code>fqdn<\/code>-type objects instead of static IPs.<\/li><li><strong>IPv6<\/strong><br>Use <code>config firewall address6<\/code> with <code>set ip6 &lt;ip&gt;\/128<\/code> to block IPv6 addresses similarly.<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Unwanted or malicious traffic targeting your network perimeter can originate from a handful of hostile IPs. FortiGate\u2019s rich feature set lets you block these IP addresses at the firewall itself, preventing them from ever reaching your internal resources. In this post, we\u2019ll explore: FortiGate\u2019s traffic-processing model and why address objects are key Two primary methods&#8230; &raquo; <a class=\"read-more-link\" href=\"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html\">read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v18.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to Block Incoming IP Address on FortiGate Firewall\u200b? 
- SPOTO<\/title>\n<meta name=\"description\" content=\"FortiGate\u2019s rich feature set lets you block these IP addresses at the firewall itself, preventing them from ever reaching your internal resources.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall\u200b_22476.html\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Block Incoming IP Address on FortiGate Firewall\u200b? - SPOTO\" \/>\n<meta property=\"og:description\" content=\"FortiGate\u2019s rich feature set lets you block these IP addresses at the firewall itself, preventing them from ever reaching your internal resources.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall\u200b_22476.html\" \/>\n<meta property=\"og:site_name\" content=\"SPOTO Official Blog\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-22T02:40:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-05-22T02:40:30+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"SPOTO Club\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/cciedump.spoto.net\/blog\/#website\",\"url\":\"https:\/\/cciedump.spoto.net\/blog\/\",\"name\":\"SPOTO Official Blog\",\"description\":\"Focus on Online IT Training for 20+ Years\",\"publisher\":{\"@id\":\"https:\/\/cciedump.spoto.net\/blog\/#\/schema\/person\/25594d4796697ccb1ef63d55c269c638\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/cciedump.spoto.net\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html#webpage\",\"url\":\"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html\",\"name\":\"How to Block Incoming IP Address on FortiGate Firewall\u200b? 
- SPOTO\",\"isPartOf\":{\"@id\":\"https:\/\/cciedump.spoto.net\/blog\/#website\"},\"datePublished\":\"2025-05-22T02:40:26+00:00\",\"dateModified\":\"2025-05-22T02:40:30+00:00\",\"description\":\"FortiGate\u2019s rich feature set lets you block these IP addresses at the firewall itself, preventing them from ever reaching your internal resources.\",\"breadcrumb\":{\"@id\":\"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/cciedump.spoto.net\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Block Incoming IP Address on FortiGate Firewall\u200b?\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html#article\",\"isPartOf\":{\"@id\":\"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html#webpage\"},\"author\":{\"@id\":\"https:\/\/cciedump.spoto.net\/blog\/#\/schema\/person\/25594d4796697ccb1ef63d55c269c638\"},\"headline\":\"How to Block Incoming IP Address on FortiGate 
Firewall\u200b?\",\"datePublished\":\"2025-05-22T02:40:26+00:00\",\"dateModified\":\"2025-05-22T02:40:30+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html#webpage\"},\"wordCount\":708,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/cciedump.spoto.net\/blog\/#\/schema\/person\/25594d4796697ccb1ef63d55c269c638\"},\"articleSection\":[\"all\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html#respond\"]}]},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/cciedump.spoto.net\/blog\/#\/schema\/person\/25594d4796697ccb1ef63d55c269c638\",\"name\":\"SPOTO Club\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/cciedump.spoto.net\/blog\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/cciedump.spoto.net\/blog\/wp-content\/uploads\/2020\/03\/spoto-facemask-96x96.jpg\",\"contentUrl\":\"https:\/\/cciedump.spoto.net\/blog\/wp-content\/uploads\/2020\/03\/spoto-facemask-96x96.jpg\",\"caption\":\"SPOTO Club\"},\"logo\":{\"@id\":\"https:\/\/cciedump.spoto.net\/blog\/#personlogo\"},\"description\":\"SPOTO is an excellent leader in IT certification training for 20+ years. We offer 100% real Cisco CCNA, CCNP exam dumps, CCIE Lab study materials, PMP, CISA, CISM, AWS, Palo Alto, and other IT exam dumps. We have helped thousands of candidates around the world to pass their IT exams on the first try! As the first-class online IT training organization in China, SPOTO cooperates with many giant Internet companies in China like Tencent, Baidu, and Alibaba. 
What\u2019s more, we have won lots of awards in IT education training such as \u201cTop Ten Influential Brands In Online Education Industry\u201d given by Baidu, \u201cOfficial IT Online Training Organization\u201d awarded by Tencent Class, etc. Join us: https:\/\/cciedump.spoto.net\/ Contact us: E-mail: support@spoto.net Phone \/ WhatsApp: +86 18344981205\",\"sameAs\":[\"https:\/\/cciedump.spoto.net\/\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Block Incoming IP Address on FortiGate Firewall\u200b? - SPOTO","description":"FortiGate\u2019s rich feature set lets you block these IP addresses at the firewall itself, preventing them from ever reaching your internal resources.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall\u200b_22476.html","og_locale":"en_US","og_type":"article","og_title":"How to Block Incoming IP Address on FortiGate Firewall\u200b? - SPOTO","og_description":"FortiGate\u2019s rich feature set lets you block these IP addresses at the firewall itself, preventing them from ever reaching your internal resources.","og_url":"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall\u200b_22476.html","og_site_name":"SPOTO Official Blog","article_published_time":"2025-05-22T02:40:26+00:00","article_modified_time":"2025-05-22T02:40:30+00:00","twitter_card":"summary_large_image","twitter_misc":{"Written by":"SPOTO Club","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/cciedump.spoto.net\/blog\/#website","url":"https:\/\/cciedump.spoto.net\/blog\/","name":"SPOTO Official Blog","description":"Focus on Online IT Training for 20+ Years","publisher":{"@id":"https:\/\/cciedump.spoto.net\/blog\/#\/schema\/person\/25594d4796697ccb1ef63d55c269c638"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cciedump.spoto.net\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html#webpage","url":"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html","name":"How to Block Incoming IP Address on FortiGate Firewall\u200b? - SPOTO","isPartOf":{"@id":"https:\/\/cciedump.spoto.net\/blog\/#website"},"datePublished":"2025-05-22T02:40:26+00:00","dateModified":"2025-05-22T02:40:30+00:00","description":"FortiGate\u2019s rich feature set lets you block these IP addresses at the firewall itself, preventing them from ever reaching your internal resources.","breadcrumb":{"@id":"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cciedump.spoto.net\/blog"},{"@type":"ListItem","position":2,"name":"How to Block Incoming IP Address on FortiGate 
Firewall\u200b?"}]},{"@type":"Article","@id":"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html#article","isPartOf":{"@id":"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html#webpage"},"author":{"@id":"https:\/\/cciedump.spoto.net\/blog\/#\/schema\/person\/25594d4796697ccb1ef63d55c269c638"},"headline":"How to Block Incoming IP Address on FortiGate Firewall\u200b?","datePublished":"2025-05-22T02:40:26+00:00","dateModified":"2025-05-22T02:40:30+00:00","mainEntityOfPage":{"@id":"https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html#webpage"},"wordCount":708,"commentCount":0,"publisher":{"@id":"https:\/\/cciedump.spoto.net\/blog\/#\/schema\/person\/25594d4796697ccb1ef63d55c269c638"},"articleSection":["all"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/cciedump.spoto.net\/blog\/how-to-block-incoming-ip-address-on-fortigate-firewall%e2%80%8b_22476.html#respond"]}]},{"@type":["Person","Organization"],"@id":"https:\/\/cciedump.spoto.net\/blog\/#\/schema\/person\/25594d4796697ccb1ef63d55c269c638","name":"SPOTO Club","image":{"@type":"ImageObject","@id":"https:\/\/cciedump.spoto.net\/blog\/#personlogo","inLanguage":"en-US","url":"https:\/\/cciedump.spoto.net\/blog\/wp-content\/uploads\/2020\/03\/spoto-facemask-96x96.jpg","contentUrl":"https:\/\/cciedump.spoto.net\/blog\/wp-content\/uploads\/2020\/03\/spoto-facemask-96x96.jpg","caption":"SPOTO Club"},"logo":{"@id":"https:\/\/cciedump.spoto.net\/blog\/#personlogo"},"description":"SPOTO is an excellent leader in IT certification training for 20+ years. We offer 100% real Cisco CCNA, CCNP exam dumps, CCIE Lab study materials, PMP, CISA, CISM, AWS, Palo Alto, and other IT exam dumps. We have helped thousands of candidates around the world to pass their IT exams on the first try! 
As the first-class online IT training organization in China, SPOTO cooperates with many giant Internet companies in China like Tencent, Baidu, and Alibaba. What\u2019s more, we have won lots of awards in IT education training such as \u201cTop Ten Influential Brands In Online Education Industry\u201d given by Baidu, \u201cOfficial IT Online Training Organization\u201d awarded by Tencent Class, etc. Join us: https:\/\/cciedump.spoto.net\/ Contact us: E-mail: support@spoto.net Phone \/ WhatsApp: +86 18344981205","sameAs":["https:\/\/cciedump.spoto.net\/"]}]}},"_links":{"self":[{"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/posts\/22476"}],"collection":[{"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/comments?post=22476"}],"version-history":[{"count":1,"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/posts\/22476\/revisions"}],"predecessor-version":[{"id":22477,"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/posts\/22476\/revisions\/22477"}],"wp:attachment":[{"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/media?parent=22476"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/categories?post=22476"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cciedump.spoto.net\/blog\/wp-json\/wp\/v2\/tags?post=22476"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}