Block specific outgoing IP address on a FortGate 100E Firewall


I have need to block specific external IP addresses from being reached. The firewall is a FortiGate 100E appliance.
This can be done because I was shown once recently but have since forgotten how .  
I essentially want to stop all outgoing traffic to reach the IPs - completely block. No DNS names, all IP.

The reason is to block known mailicious IPs and discovered IPs that viruses attempt to send data to while I address the issues as a delayed response tech - at least I can remote in and block the IPs from being reached until I get onsite or perform remote sessions.

Please advise how to do so via the GUI, not just CLI. Or, both ways but definitely via GUI. Editing Host files is not an option.

Thanks in advance for your assistance.
LVL 14
Michael MachieFull-time technical multi-taskerAsked:
Who is Participating?
Garry GlendownConsulting and Network/Security SpecialistCommented:
Go to the firewall policies, and for the interface pairing of the inside to the outside interface, insert a new policy at the beginning with "deny" for the specific destination IP. You will have to create the appropriate IP object, which you can do inside the interface.
Depending on the OS version it could look something like this:
Policy definition
Michael MachieFull-time technical multi-taskerAuthor Commented:
Thanks Garry. I will get onto that system and try this out.

Need to inform you that Im not able to do this work remotely just yet - this new device is being installed over the weekend, so I'll send an update as soon as I have one but it will be at least after the weekend.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.