The FortiGate IP Ban action can block all traffic from the source addresses flagged by the FortiGate when the Period Block IP automation stitch is triggered.
In this example, FortiADC will share the quarantined IP with FortiGate in case of an attack, such as a WAF or DDoS attack.
To configure the FortiGate IP Ban automation stitch:
- Go to Security Fabric > Automation.
- Click Create New.
- Enter a name for the stitch.
- Select Enable to enable this automation.
- Select the trigger Period Block IP.
- Select FortiGate IP Ban and configure the settings:
Name The action name. Delay
The amount of time after the previous action before this action executes, in seconds (0 - 3600, default = 0).
FortiGate URL The FortiGate URL. FortiGate Token
The FortiGate Token.
To get the token, log in to FortiGate, go to System> Administrator, create a new REST API Administrator, then generate API key.
- Click Save.