Which feature in FortiGate can automatically block IP addresses exhibiting malicious behavior?

The feature that can automatically block IP addresses exhibiting malicious behavior is anomaly detection. This capability is integral to FortiGate’s security functions as it relies on identifying patterns that deviate from the norm, which are indicative of potential threats. Anomaly detection analyzes traffic and user behavior in real-time to uncover suspicious activities, such as unusual spikes in connection attempts, port scanning, or irregular communication patterns.

When such anomalies are detected, FortiGate can take action by automatically blocking or restricting the offending IP addresses. This proactive defense mechanism is crucial in responding swiftly to potential threats and mitigating risks before they can lead to more significant security incidents.

The other options do not serve the same purpose. VPN encryption is focused on securing data transmission, traffic shaping optimizes bandwidth usage without directly addressing malicious behavior, and content filtering is aimed at controlling accessible or blocked web content rather than actively detecting and blocking suspicious IPs. Thus, anomaly detection stands out as the feature specifically designed for identifying and mitigating threats through the automated blocking of malicious IP addresses.