1. Validate the device has IP Reputation included on the associated license, that the reputation is active, and that the database date has been updated under System -> FortiGuard -> IP Reputation (see this document: IP Profile).

2. If the license is expired or FortiDDoS does not have it included, the IP Reputation or Domain Reputation must not be active under any SPP (if not subscribed, never enable IP Reputation (IP Reputation) or Domain Reputation).

• Go to Service Protection -> IP Profile (see IP Profile - FortiDDOS-F handbook) -> IP Reputation Categories (Disabled).

• Go to Service Protection -> DNS Profile (DNS profile - FortiDDOS F Handbook) -> Domain Reputation (Disabled).

Important notes:

Before FortiDDoS v7.0:

1. A small default IP Reputation database was included in the software.
2. If IP Reputation/Profile is enabled without a valid license, traffic drops will occur.
3. If a device had an active IP Rep subscription that later expired and the feature was left enabled, traffic drops will occur unless the feature is explicitly disabled.

Starting from FortiDDoS v7.2.0:

1. No default IP Rep database is included in the software.
2. If the subscription expires, the database is removed.

If further support is needed, open a case with the Fortinet TAC Team.

Related article:

Technical Tip: FortiDDoS commands to open a new ticket to TAC