flamer
New Member
November 26, 2018
Question

Block known malicious IP addresses

  • November 26, 2018
  • 1 reply
  • 19241 views

Hello, on a FortiGate f/w how do we go about using the FortiGuard IP reputation blacklist? I see a lot of references to it, but cannot figure out how to set it up. I'm not interested in blocking DNS requests to known C&C sites; I want to block all traffic coming in or going out to a known bad IP address. FortiGate version: 5.6

 

Thanks!

    1 reply

    humblePie
    New Member
    November 6, 2019

    Did you ever figure out how to update the Malicious URLs database?  I've got the same issue and have yet to figure out how to get it downloaded.

    Thanks.

    flamer
    Author
    New Member
    November 6, 2019

    Hi, no, we didn't, but I found a different feature that I think is better (can use some public lists or your own list) and attach it to the policies on your Internet interface -

     

    https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/85580

    AKrause
    New Member
    November 12, 2019

    Blocking known malicious IP addresses can be done via CLI per interface or per policy:

    config sys interface, edit XXX

      OR

    config firewall policy, edit XXX

     # set scan-botnet-connections
         disable    Do not scan connections to botnet servers.
         block      Block connections to botnet servers.
         monitor    Log connections to botnet servers.

     

    However, the malicious IP/Domain Database is poorly maintained by Fortinet. It seems that known malicious hosts are currently put into Webfilter / Malicious Websites.

     

    But thanks for pointing out the Threat Feed Option in FortiOS 6.x Security Fabric! Seems to be a good alternative.

     

    best regards

    Andreas
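
Added example (not part of the thread and not Fortinet code): a small Python filter for preparing your own IP list before publishing it as the threat feed mentioned in the replies above. It assumes the feed is a plain-text file with one IPv4 address or CIDR per line; the sample entries, the protected range and the /16 width limit are constructed for illustration.

```python
import ipaddress

# Constructed sample feed (documentation ranges only).
SAMPLE_FEED = """\
# constructed sample list
203.0.113.7
203.0.113.7
198.51.100.0/25
198.51.100.128/25
10.0.0.5
0.0.0.0/0
not-an-ip
192.0.2.44   # trailing comment
"""

# Ranges a block list must never cover: internal space plus your own public
# range (192.0.2.0/26 is a placeholder assumption for "our" addresses).
PROTECTED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "192.0.2.0/26")]
MIN_PREFIXLEN = 16  # assumed sanity limit: refuse anything wider than a /16


def build_blocklist(text, protected=PROTECTED):
    """Return (clean_entries, rejected) where rejected holds (line, entry, reason)."""
    keep, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append((lineno, entry, "not an IP or CIDR"))
            continue
        if net.version != 4:
            rejected.append((lineno, entry, "IPv6 not handled here"))
        elif net.prefixlen < MIN_PREFIXLEN:
            rejected.append((lineno, entry, "too broad"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((lineno, entry, "overlaps protected range"))
        else:
            keep.append(net)
    # Deduplicate and merge adjacent networks into the smallest set of entries.
    merged = ipaddress.collapse_addresses(keep)
    clean = [str(n.network_address) if n.prefixlen == 32 else str(n) for n in merged]
    return clean, rejected
```

Review the rejected list before each publish: a source that suddenly contains internal or very wide ranges would otherwise cut off legitimate traffic on every policy the feed is attached to.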