Fortinet white logo
Fortinet white logo

Configure local-in Policy to Block Access From Devices in the IP Threat Feed

Configure local-in Policy to Block Access From Devices in the IP Threat Feed

On both the Enterprise Core and 1st Floor ISFW FortiGates, configure local-in policies that block access from devices on the IP Threat Feed (FSM_Threat_Feed). Packets arriving on the interface will be dropped and logged.

  1. On the Enterprise Core FortiGate’s CLI, configure the following rule:

    config firewall local-in-policy
        edit 1
            set intf "port3"
            set srcaddr "FSM_Threat_Feed"
            set dstaddr "all"
            set service "ALL"
            set schedule "always"
        next
    end
    
  2. On the 1st Floor FortiGate’s CLI, configure the following rule:

    config firewall local-in-policy
        edit 1
            set intf "port1"
            set srcaddr "g-FSM_Threat_Feed"
            set dstaddr "all"
            set service "ALL"
            set schedule "always"
        next
    end
    
  3. On both FortiGate, navigate to Log & Report > Log Settings.

  4. Under Global Settings, set Log denied unicast traffic to enable.

  5. Click Apply.

Configure local-in Policy to Block Access From Devices in the IP Threat Feed

Configure local-in Policy to Block Access From Devices in the IP Threat Feed

On both the Enterprise Core and 1st Floor ISFW FortiGates, configure local-in policies that block access from devices on the IP Threat Feed (FSM_Threat_Feed). Packets arriving on the interface will be dropped and logged.

  1. On the Enterprise Core FortiGate’s CLI, configure the following rule:

    config firewall local-in-policy
        edit 1
            set intf "port3"
            set srcaddr "FSM_Threat_Feed"
            set dstaddr "all"
            set service "ALL"
            set schedule "always"
        next
    end
    
  2. On the 1st Floor FortiGate’s CLI, configure the following rule:

    config firewall local-in-policy
        edit 1
            set intf "port1"
            set srcaddr "g-FSM_Threat_Feed"
            set dstaddr "all"
            set service "ALL"
            set schedule "always"
        next
    end
    
  3. On both FortiGate, navigate to Log & Report > Log Settings.

  4. Under Global Settings, set Log denied unicast traffic to enable.

  5. Click Apply.