FortiWeb leverages IP reputation as a critical defense mechanism, analyzing the past activities of IP addresses to identify and block potentially malicious traffic. By mitigating risks associated with web application vulnerabilities, DDoS attacks, and unauthorized access attempts, FortiWeb's IP reputation feature empowers organizations to strengthen their security posture.

1. Verify IP Reputation DB version update.

Navigate to System -> Config -> FortiGuard:

Subsequently, verify the latest DB version release on the FortiGuard website:
https://www.fortiguard.com/services/botnet

     2. IP Reputation Policy action to prevent threat actors.

Navigate to IP Protection -> IP Reputation:

By default, FortiWeb takes action against a poor IP address’s reputation by ‘Block Period’ for 60 seconds.

Ensure IP Reputation is turned on in the respective Web Protection Profile.

     3. Blocklisting IP addresses manually.

Navigate to IP Protection -> IP List

1. Create an IP List policy.
2. Create an IP List Policy Member and specify the malicious IP address with its type.
3. Associate IP List policy to respective Web Protection Profile.

Related document:

https://docs.fortinet.com/document/fortiweb/7.2.3/administration-guide/811256/ip-list-blocklisting-w...

     4. Submit re-evaluation request of the malicious IP address.

Threat actors may use IP addresses that are not updated in the latest IP Reputation DB.

In such cases, a request can be submitted to FortiGuard to re-evaluate the IP address.

https://www.fortiguard.com/faq/contact-web-security

Refer to FortiWeb Administrator Guide for more information regarding IP Reputation:
https://docs.fortinet.com/document/fortiweb/7.2.3/administration-guide/608374/ip-reputation-blocklis...