Cybersecurity Forum


DeepKuma2
Contributor

Import Spamhaus DROP live IP list and block on firewall

Hi,

I want to block some WAN IPs (LAN to WAN & WAN to LAN) on the 300D firewall but the issue is that this is a third party live list in text format (https://myip.ms/files/blacklist/general/latest_blacklist.txt).

How will I import this txt list on the firewall and block? 

 

Regards,

Deepak Kumar

Deepak Kumar First Option General Trading LLC Dubai
PC
New Contributor III

There is likely a nice scripting way but I typically take lists like this into Excel and create a column with the IP and one with the name. I then create a formula that creates in a third column the commands needed to add each object with a special character like % between each line. Lastly I copy the third column into a text editor and replace the % with a carriage return. I then have the CLI command to add all my objects. To add the group I do pretty much the same. Plan to add more scripting skills but for now this works and once I have it created I can add new IPs if they come out and only modify slightly.

Regards,


Peter

rmoussa
Contributor

Hi,

Usually I do this kind of task using Excel: back up your FortiGate, open the file, check the syntax of the blacklist part and create a similar one in Excel for all the 300 entries.

Rony Moussa

NSE Certified : Level 8

DeepKuma2

Hi.

Thanks for the answer. But this is an auto-update list; it will refresh every 4 hours. So I think it is not a good idea to update it manually. Is there any way to update it automatically with cron or scripts?

 

Regards,

Deepak Kumar

Deepak Kumar First Option General Trading LLC Dubai
PC
New Contributor III

You definitely could do it. Would be an interesting project to reach out and get the data then parse and create a CLI configuration which you could then apply, likely through the APIs.

Regards,


Peter Cook
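
Added example, not part of any post in this thread and not Fortinet code: the parse-and-generate step suggested in the replies above, turning a text blocklist into FortiOS `config firewall address` and `config firewall addrgrp` commands. The sample feed text, the `bl-` object prefix, the `BL-Feed` group name and the protected internal ranges are assumptions; downloading the list and applying the output to the firewall are left out.

```python
import ipaddress

# Constructed sample feed text (not real blocklist data).
SAMPLE_FEED = """# constructed sample
192.0.2.10    # trailing comment
198.51.100.0/24
192.0.2.10
2001:db8::1
not-an-ip
10.1.2.3
"""
# Assumed internal ranges that a bad or tampered feed must never block.
PROTECTED = [ipaddress.ip_network(n) for n in
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_feed(text):
    """Return (sorted unique IPv4 networks, rejected entries)."""
    nets, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
            # IPv6 needs the separate address6 table; it is skipped here.
            if net.version != 4 or any(net.overlaps(p) for p in PROTECTED):
                raise ValueError("unsupported or protected range")
        except ValueError:
            rejected.append(entry)
            continue
        nets.add(net)
    return sorted(nets), rejected

def render_cli(nets, group="BL-Feed"):
    """Build FortiOS CLI text: one address object per entry plus one group."""
    if not nets:  # an empty result usually means a failed download
        raise ValueError("no valid entries; refusing to build an empty group")
    names = [f"bl-{n.network_address}-{n.prefixlen}" for n in nets]
    out = ["config firewall address"]
    for name, n in zip(names, nets):
        out += [f'    edit "{name}"',
                f"        set subnet {n.network_address} {n.netmask}",
                "    next"]
    out += ["end", "config firewall addrgrp", f'    edit "{group}"',
            "        set member " + " ".join(f'"{x}"' for x in names),
            "    next", "end"]
    return "\n".join(out)

if __name__ == "__main__":
    print(render_cli(parse_feed(SAMPLE_FEED)[0]))
```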

DeepKuma2

Hi,

Can I get a reference document or URL for the same?

 

Regards,

Deepak Kumar

NSE4

Deepak Kumar First Option General Trading LLC Dubai
rmoussa

Did you try the External Resources feature in FortiOS 6.0.0?

Regards
Rony

Rony Moussa
Fortinet NSE Certified: Level 8
DeepKuma2

Hi,

Thanks for the great information. I got your point. Let me upgrade to 6.0 and I will try it.

 

Regards,

Deepak Kumar

NSE4

Deepak Kumar First Option General Trading LLC Dubai