Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Mohammed_Feroz
Staff
Staff

Created on ‎03-20-2023 11:12 PM Edited on ‎03-20-2023 11:13 PM By Community Manager

Article Id 249760

Technical Tip: Blocking Potential threats over Internet service database

Description

This article explains how to block the below over Internet Server Database:


Blockchain-Crypto.Mining.Pool (can be used only as Destination address)
Botnet-C&C.Server
Malicious-Malicious.Server
Phishing-Phishing.Server
Proxy-Proxy.Server
Spam-Spamming.Server
Tor-Exit.Node (can be used only as source address)
Tor-Relay.Node
VPN-Anonymous.VPN
Scope FortiGate.
Solution

Internet service Database has 2 fields:

 

1) Predefined Internet Services (known reputed sites).
2) IP Reputation Database (Potential threat sites).

 

Threat sites can be blocked by setting a minimum reputation value on the firewall policy over CLI or by using IP reputation in the internet service database.

Using the internet service database gives us the advantage of using more specific categories on the firewall policy 

 

In the below example, an outbound block rule has been configured to stop potential threat websites:

 

policy.jpg

 

Block Logs:

 

log.jpg

 

Refer to the below article to set the minimum reputation value on the firewall policy:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-IP-reputation-in-policies-and-fallthrough/...
409
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.