vvserpent
Explorer
May 31, 2022
Question

FortiGate IP Reputation Filtering


Hi,

There are a lot of brute force attacks on the mail services, and I have to create firewall rules to block the bad IPs on a daily basis.

I have a FortiGate firewall and want to deploy the "IP Reputation Filtering" feature to block the incoming/outgoing traffic.

The following sample IP addresses are doing brute force attacks; they can be found on the web site www.abuseipdb.com and IBM X-Force.

187.8.227.238
186.201.17.22
200.159.82.62
200.148.241.166

But I cannot find the corresponding IP addresses on the FortiGuard web site.

Is FortiGate IP Reputation Filtering suitable for this application/filtering?

3 replies

AEK
SuperUser
May 31, 2022
Debbie_FTNT
Staff & Editor
June 1, 2022

Hey vvserpent,

you could also look into threat feeds - FortiGate can access external lists of IPs for example, and use the lists to block those IPs.

Have a look here:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/9463/threat-feeds
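
One way to produce a list for the threat feed approach mentioned above, as an added example that is not part of the original thread and not Fortinet code. It assumes Postfix-style SASL failure log lines and a feed served as a plain text file with one IP address per line; `build_feed`, the threshold and the allowlist are hypothetical names and values, and the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumed log format: Postfix smtpd SASL failures, e.g.
# "... warning: unknown[203.0.113.7]: SASL LOGIN authentication failed: ..."
FAILED = re.compile(r"\[([0-9a-fA-F:.]+)\]: SASL \w+ authentication failed")


def _fail(ip):
    """Build one constructed failure line for the sample input."""
    return (f"May 31 02:10:01 mx1 postfix/smtpd[811]: warning: "
            f"unknown[{ip}]: SASL LOGIN authentication failed: UGFzc3dvcmQ6")


# Constructed sample input (documentation-range addresses, not real attackers).
SAMPLE_LOG = "\n".join(
    [_fail("203.0.113.7")] * 3        # repeated failures: should be listed
    + [_fail("203.0.113.99")]         # single typo-level failure: below threshold
    + [_fail("198.51.100.25")] * 3    # own monitoring host: allowlisted
    + [_fail("192.0.2.44")] * 4       # repeated failures: should be listed
    + [_fail("999.1.1.1")] * 5        # malformed address: must never reach the feed
    + ["May 31 02:11:00 mx1 postfix/smtpd[811]: connect from unknown[203.0.113.99]"]
)


def build_feed(log_text, threshold=3, allowlist=()):
    """Return feed text: one offending IP per line, sorted and de-duplicated."""
    allowed = [ipaddress.ip_network(net) for net in allowlist]
    hits = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            continue  # reject anything that is not a valid IPv4/IPv6 address
        if any(ip in net for net in allowed):
            continue  # never block your own relays or monitoring hosts
        hits[ip] += 1
    offenders = [ip for ip, count in hits.items() if count >= threshold]
    offenders.sort(key=lambda ip: (ip.version, int(ip)))
    return "".join(f"{ip}\n" for ip in offenders)


if __name__ == "__main__":
    print(build_feed(SAMPLE_LOG, allowlist=("198.51.100.0/24",)), end="")
```

The returned text is what would be published at the URL the FortiGate threat feed connector polls.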

vvserpent (Author)
Explorer
June 1, 2022

The Threat Feeds feature is very interesting. I am reading the document and will try it later.

vvserpent (Author)
Explorer
June 1, 2022

I tried to use the diagnose command to check the existence of the suspected IPs in the FortiGate ISDB, but nothing was returned from the system.

It seems they are not classified as bad IPs in the Fortinet database.

NAT-FW(global) # diagnose internet-service match DMZ 187.8.227.238 255.255.255.255

NAT-FW(global) # diagnose internet-service match DMZ 186.201.17.22 255.255.255.255

NAT-FW(global) # diagnose internet-service match DMZ 200.159.82.62 255.255.255.255

NAT-FW(global) # diagnose internet-service match DMZ 200.148.241.166 255.255.255.255