Botnet C&C IP blocking

The Botnet C&C section consolidates multiple botnet options in the IPS profile. This allows you to enable botnet blocking across all traffic that matches the policy by configuring one setting in the GUI, or with the scan-botnet-connections command in the CLI.

To configure botnet C&C IP blocking using the GUI:
  1. Go to Security Profiles > Intrusion Prevention.
  2. Edit an existing IPS profile, or create a new one.
  3. Set Scan Outgoing Connections to Botnet Sites to Block or Monitor.

  4. Configure the other settings as required.
  5. Click Apply. Botnet C&C IP is now enabled for the sensor.
  6. Add this sensor to the firewall policy.

    The IPS engine will scan outgoing connections to botnet sites. If you access a botnet IP, an IPS log is generated for this attack.

  7. Go to Log & Report > Intrusion Prevention to view the log.

To configure botnet C&C IP blocking using the CLI:
config ips sensor
	edit "Demo"
		set scan-botnet-connections {block | monitor}
	next
end
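
To confirm from a configuration backup that every firewall policy ends up with a sensor that has scan-botnet-connections set, the following added example (not Fortinet code) parses the "config ips sensor" and "config firewall policy" tables and reports the botnet action per policy. The sample configuration is constructed, and treating an unset scan-botnet-connections as "disable" is an assumption.

```python
# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE_CONFIG = '''
config ips sensor
    edit "Demo"
        set scan-botnet-connections block
    next
    edit "Legacy"
        config entries
            edit 1
                set severity high
            next
        end
    next
end
config firewall policy
    edit 1
        set ips-sensor "Demo"
    next
    edit 2
        set ips-sensor "Legacy"
    next
end
'''

def parse_table(config, table):
    """Return {entry name: {setting: value}} for one top-level 'config <table>' block."""
    entries, current, inside, depth = {}, None, False, 0
    for line in map(str.strip, config.splitlines()):
        if not inside:
            inside = line == "config " + table
        elif line.startswith("config "):
            depth += 1  # nested table such as "config entries"; its lines are skipped
        elif line == "end":
            if depth == 0:
                break
            depth -= 1
        elif depth == 0 and line.startswith("edit "):
            current = entries.setdefault(line[5:].strip('"'), {})
        elif depth == 0 and current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip('"')
    return entries

def audit_botnet_blocking(config):
    """Map each firewall policy ID to the botnet action of the IPS sensor it uses."""
    sensors = parse_table(config, "ips sensor")
    # Assumption: a missing sensor or an unset scan-botnet-connections counts as "disable".
    return {pid: sensors.get(p.get("ips-sensor"), {}).get("scan-botnet-connections", "disable")
            for pid, p in parse_table(config, "firewall policy").items()}
```

Any policy reported as "disable" is one where outgoing connections to botnet sites are not being scanned; "monitor" means the connection is logged but not blocked.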
Note

If you are running version 6.0.x or older, it can be configured under one of the following sections:
