tamiatag
New Member
December 28, 2021
Question

Import IP address file

  • 6 replies

Hello,
I have to block hundreds of IP addresses because of the flaw we all know.
However, I have a version of my fortigate 200D that is in 6.0, the latest version supported by my hardware.
When I import my file with the IPs, there is no problem, I see it perfectly. Except that when I create a rule, I can't find the famous imported file to block the IPs. Indeed, I have followed dozens of tutorials, but nothing works.
I would need a little help to explain to me how to block the IPs with my imported file.
Thank you for your help


6 replies

Debbie_FTNT
Staff & Editor
December 28, 2021

Hey tamiatag,

how did you import the IPs exactly? Did you upload a script, or follow a specific guide?

Most of what I've seen would generate address objects automatically based on imported IPs, so when you create a policy you have to use the address object(s) created by your IP import.

tamiatag
Author
New Member
December 28, 2021

Thanks for your answer.
In fact, I import my file via the "Fabric Connectors" menu, creating an "IP address threat feed". My file imports correctly and I see the IPs in it.

However, when I create it, it tells me that it will be visible in "DNS", but not in IPv4. Now, I want to create a firewall rule that blocks all IPs from this file! But in the rule creation, this file does not appear.

Debbie_FTNT
Staff & Editor
December 28, 2021

Hey tamiatag,

thanks for clarifying :).

I think this is what you're looking for:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/891236/external-block-list-threat-feed-policy
If it's not that, let me know and I'll see what else I can dig up :)

ede_pfau
SuperUser
December 28, 2021

hi,

after reading up on the v6.0 Handbook on Fabric connectors, I'd say that in that version you cannot use the imported list in IPv4 policies directly (that is, in the source or destination address field). If a DNS filter would suffice, you can do that in v6.0. It will block the IP resolution of FQDNs used for HTTP(S) policies.

Without really being ashamed, I'd like to point to my blog where I offer a Python script for importing arbitrarily long IP lists into IPv4 address objects and address groups (https://www.beneicke-edv.de/?page_id=999#ext_blacklists). Maybe it's of help for you, though it's not as elegant as a Fabric connector, as you'd need Python installed and the objects are not updated dynamically.

Debbie_FTNT
Staff & Editor
December 28, 2021

Ah, I don't think that link works anymore. I get "Diese Seite gibt es leider nicht." when trying to access your link, Ede. I also searched for "python script address", but this did not provide any results either.

You can upload files (like the script) to this thread though :)

ede_pfau
SuperUser
December 28, 2021

I've fixed it a couple of minutes ago, sorry. The lighter side of it is, it's in English.

tamiatag
Author
New Member
December 28, 2021

Thank you for your feedback, I'll let you know soon.

ede_pfau
SuperUser
December 30, 2021

I am sorry for this. I've updated the script for Python 3, fixed syntax errors and tested it (in v3.8). I have removed the executable as well, as it was the old version.

tamiatag
Author
New Member
December 30, 2021

Okay, I'll download again and let you know.

ede_pfau
SuperUser
January 3, 2022

After some re-working of my script, it's now more robust to invalid inputs and fully supports the hosts.deny syntax, as well as a plain text file with one line per IP as input.

I thought of attaching the script here but at 520 lines length it would not really fit in here. I have republished it on my website.
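As an added illustration of the approach ede_pfau describes (this is my own example, not his script and not Fortinet code): it parses either a plain one-IP-per-line file or hosts.deny syntax, reports invalid tokens instead of silently dropping them, and emits FortiOS CLI that creates IPv4 address objects plus address groups, which v6.0 policies can then reference in the source or destination address field. The 300-member group size, the `blk_` naming prefix and the sample input are assumptions.

```python
# Added example, not ede_pfau's script: turn a plain IP list or a hosts.deny
# style file into FortiOS CLI for IPv4 address objects and address groups.
import ipaddress
import re

GROUP_SIZE = 300  # assumed per-group member cap; check your model's limits
# hosts.deny line: 'daemon_list : client_list [: option]'; we keep field 2
_HOSTS_DENY = re.compile(r"^\s*([A-Za-z_][\w.,\s-]*)\s*:\s*([^:]*)")

def parse_ip_list(lines) -> tuple:
    """Return (unique IPv4 networks as CIDR strings, rejected tokens)."""
    valid, rejected, seen = [], [], set()
    for raw in lines:
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        m = _HOSTS_DENY.match(line)
        for tok in filter(None, re.split(r"[,\s]+", m.group(2) if m else line)):
            try:
                net = ipaddress.ip_network(tok, strict=False)
            except ValueError:  # hostnames, wildcards, typos
                net = None
            if net is None or net.version != 4:  # IPv4 objects only
                rejected.append(tok)
            elif str(net) not in seen:  # duplicates are dropped silently
                seen.add(str(net))
                valid.append(str(net))
    return valid, rejected

def fortios_cli(networks, prefix="blk", group_size=GROUP_SIZE) -> str:
    """Emit 'config firewall address' objects plus chunked 'addrgrp' groups."""
    out, names = ["config firewall address"], []
    for cidr in networks:
        net = ipaddress.ip_network(cidr)
        names.append(f"{prefix}_{net.network_address}_{net.prefixlen}")
        out += [f'    edit "{names[-1]}"',
                f"        set subnet {net.network_address} {net.netmask}", "    next"]
    out += ["end", "config firewall addrgrp"]
    for i in range(0, len(names), group_size):  # large lists span several groups
        members = " ".join(f'"{n}"' for n in names[i:i + group_size])
        out += [f'    edit "{prefix}_grp{i // group_size + 1}"',
                f"        set member {members}", "    next"]
    return "\n".join(out + ["end"])

SAMPLE = """203.0.113.5   # constructed input mixing plain, hosts.deny and junk lines
ALL: 198.51.100.0/24, 203.0.113.5
sshd: 192.0.2.7 : deny
not-an-ip
2001:db8::1"""
```

Review the rejected list before loading the generated CLI, and note that, unlike a threat feed, these objects are static and must be regenerated when the list changes.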

tamiatag
Author
New Member
January 3, 2022

Good evening,
Thank you very much for your work and your help, also by email.
Hopefully this topic will help some of you.
Good evening to you

ede_pfau
SuperUser
January 4, 2022

Bonne année! próspero...em, I only talk Python.

HTH.