
Add denied sessions to session table

Fortinet published a SysAdmin Handbook article called "Adding denied sessions to session table" (http://docs.fortinet.com/d/fortigate-adding-denied-sessions-to-session-table). That article contains an error.

It lists the process as:

config system setting
set ses-denied-traffic enable
set block-session-timer 60
end

In fact, the two settings live under different configuration sections, so the correct process to implement session blocking is:

config system settings
set ses-denied-traffic enable
end

config system global
set block-session-timer 60
end
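
The following Python check is an added example, not part of the original post or of Fortinet's documentation. It walks a FortiOS CLI script or configuration backup and reports whether each of the two settings sits under the section given in the corrected listing above; the names `find_settings`, `audit` and `EXPECTED` are hypothetical, and the sample inputs are the two listings from this page.

```python
# Added example: placement check for the two settings discussed on this page.
# Expected sections are taken from the corrected listing above.
EXPECTED = {
    "ses-denied-traffic": "system settings",
    "block-session-timer": "system global",
}

def find_settings(text):
    """Return (section, key, value) for each EXPECTED key set in the text."""
    stack, found = [], []  # stack of open ("config" | "edit", name) blocks
    for raw in text.splitlines():
        word, _, rest = raw.strip().partition(" ")
        rest = rest.strip()
        if word in ("config", "edit"):
            stack.append((word, rest))
        elif word == "next" and stack and stack[-1][0] == "edit":
            stack.pop()
        elif word == "end":
            while stack and stack[-1][0] == "edit":  # edit left open before end
                stack.pop()
            if stack:
                stack.pop()
        elif word == "set":
            key, _, value = rest.partition(" ")
            if key in EXPECTED:
                # Innermost config block, so VDOM-wrapped backups also work.
                section = next((n for k, n in reversed(stack) if k == "config"), "")
                found.append((section, key, value.strip()))
    return found

def audit(text):
    """Return findings; an empty list means both settings are placed as expected."""
    found, problems = find_settings(text), []
    for key, want in EXPECTED.items():
        wrong = [s for s, k, _ in found if k == key and s != want]
        if wrong:
            problems.append(f"{key}: under 'config {wrong[0]}', expected 'config {want}'")
        elif not any(k == key for _, k, _ in found):
            problems.append(f"{key}: not set, expected under 'config {want}'")
    return problems

# The two listings from this page, embedded as sample input.
AS_PUBLISHED = "config system setting\nset ses-denied-traffic enable\nset block-session-timer 60\nend"
CORRECTED = ("config system settings\nset ses-denied-traffic enable\nend\n"
             "config system global\nset block-session-timer 60\nend")

if __name__ == "__main__":
    for name, cfg in (("as published", AS_PUBLISHED), ("corrected", CORRECTED)):
        print(name, "->", audit(cfg) or "OK")
```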