Fortinet Forum
DanieleS99
New Contributor III

Fortigate Check malicious IP list

Hello,
I am looking for a fast and efficient way to check if 800 or so IP addresses are contained in the FortiGate blacklists.
Can you help me?

Thank you


AlexC-FTNT
Staff

Hello Daniele,
What feature exactly do you refer to? There are no blacklists downloaded in the FortiGate.

The services used in the FortiGate are available here: https://www.fortiguard.com/ (scroll down). You can check the ISDB (not a blacklist) but can't check botnet IP reputation.
You can check the blacklisted IPs in any online tool - for example https://mxtoolbox.com/blacklists.aspx


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
DanieleS99

Hi Alex,

Sorry if I explained myself wrong. I mean that I would like to check if these IPs are contained in the malicious lists reported on the FortiGate, such as in the Internet Service Database -> Malicious-Malicious.Server section, or Botnet-C&C.Server, without having to check one IP address at a time but giving the whole list.

AlexC-FTNT

I don't think there is a possibility to run this check for multiple IPs.

You can list the entire internet-service database:

#diag firewall internet-service list

and run a script on the IPs in the list, but many of those IPs are listed as a range, so that will be problematic.

You can also use the API to retrieve this list:

https://fortigate.IP/api/v2/monitor/firewall/internet-service-details?city_id=0&count=5000&country_i...


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
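
Added example, not part of the thread and not Fortinet code: one way to script the check described in the answer above once the list has been saved as text, dealing with the range entries by turning every entry into an integer interval and looking candidates up with a binary search. The entry formats (single IP, `start-end` range, CIDR), the function names and the sample addresses are assumptions constructed for illustration; adapt `parse_entry` to what your export actually contains.

```python
import bisect
import ipaddress

# Constructed sample of a saved list; the entry formats are an assumption.
SAMPLE_EXPORT = """\
198.51.100.7
203.0.113.0-203.0.113.63
192.0.2.128/25
203.0.113.32-203.0.113.95
"""


def parse_entry(text):
    """Return (first, last) as integers for a single IP, start-end range or CIDR."""
    text = text.strip()
    if "-" in text:
        lo, hi = (int(ipaddress.IPv4Address(p.strip())) for p in text.split("-", 1))
        if lo > hi:
            raise ValueError(f"reversed range: {text}")
        return lo, hi
    net = ipaddress.IPv4Network(text, strict=False)  # a bare IP becomes a /32
    return int(net.network_address), int(net.broadcast_address)


def build_index(lines):
    """Sort the entries and merge overlapping or adjacent ones."""
    spans = sorted(parse_entry(l) for l in lines if l.strip())
    merged = []
    for lo, hi in spans:
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return [m[0] for m in merged], [m[1] for m in merged]


def check(ips, index):
    """Map each candidate IP to True if it falls inside any listed entry."""
    starts, ends = index
    result = {}
    for ip in ips:
        n = int(ipaddress.IPv4Address(ip.strip()))
        i = bisect.bisect_right(starts, n) - 1  # last interval starting <= n
        result[ip] = i >= 0 and n <= ends[i]
    return result


if __name__ == "__main__":
    index = build_index(SAMPLE_EXPORT.splitlines())
    for ip, listed in check(["203.0.113.80", "203.0.113.96"], index).items():
        print(ip, "listed" if listed else "not listed")
```

With the index built once, checking 800 addresses costs one binary search each, regardless of how many ranges the list contains.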
DanieleS99

Ok, thanks for the support