Description | This article describes how to create policies to block potentially malicious traffic using a simple incoming and/or outgoing policy with the supplied Internet Service Database Objects listed in the IP Reputation Database. |
Scope | FortiOS 6.0 to 7.0. |
Solution |
Go to Policy and Objects -> Internet Service Database and collapse the entry for Internet Service Database in order to see the IP Reputation Database. The entries visible here will depend on the firmware version. Take a screenshot of these entries. This is what some of the entries look like on 6.0.
To create an outgoing deny policy, go to Policy and Objects -> IPv4 Policy and select 'Create New'. For the incoming interface, select the internal interface (e.g. LAN), and for the outgoing interface, select the external interface (e.g. WAN). Set the source to ALL.
Select Destination and when the popup appears, select Internet Service. Here it is possible to type in the names of the services from the screenshot to add them one at a time. A partial name is enough to find the object.
Example: typing 'Botnet' finds Botnet-C&C.Server.
Set the policy to Deny. This is an example with only one object set as the destination.
Once the policy is completed, move it above any other policies that might have the same destination so that this traffic matches the deny policy first.
Note that some objects can only be used as destinations, so they work in this kind of outgoing policy. Some objects can only be used as sources, so use them as the source in an incoming policy, from WAN to LAN. Some show the direction as both and can be used in either the source or the destination field.
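The CLI equivalent of the GUI steps above, as an added example that is not part of the original article: one outgoing deny policy with an IP Reputation object as the destination, one incoming deny policy with a source-capable object as the source, and the move commands that place both ahead of existing policies. Assumptions: the interface names "lan" and "wan1", the policy names, the policy IDs 100, 101 and 1, and the source object placeholder are hypothetical; the `internet-service-name` keywords are those of FortiOS 6.4 and 7.0, while 6.0 and 6.2 take the numeric `internet-service-id` / `internet-service-src-id` instead.

```fortios
# Lines starting with # are annotations; drop them before pasting.
config firewall policy
    # Outgoing deny: LAN -> WAN, destination is an IP Reputation object.
    edit 100
        set name "Deny-Out-Botnet"
        set srcintf "lan"
        set dstintf "wan1"
        set srcaddr "all"
        set internet-service enable
        set internet-service-name "Botnet-C&C.Server"
        set schedule "always"
        set action deny
        set logtraffic all
    next
    # Incoming deny: WAN -> LAN, source is an object whose direction
    # is shown as source or both (placeholder name, replace it).
    edit 101
        set name "Deny-In-Reputation"
        set srcintf "wan1"
        set dstintf "lan"
        set internet-service-src enable
        set internet-service-src-name "<source-capable-object>"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set action deny
        set logtraffic all
    next
    # Place both deny policies above the first existing policy
    # (assumed here to be ID 1) so matching traffic hits them first.
    move 100 before 1
    move 101 before 1
end
```

With `set logtraffic all` on the deny policies, blocked connections appear in the forward traffic log, which shows which internal hosts tried to reach a listed address.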
These objects are updated dynamically by FortiGuard. |