Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
flamer
New Contributor II

Block known malicious IP addresses

Hello, on a fortigate f/w how do we go about using the fortiguard IP reputation blacklist? I see a lot of reference to it, but cannot figure out how to set it up. Im not interested in block DNS request to know C&C sites, I want to block all trfafic coming in our going out to a known bad Ip address. fortigate version: 5.6

 

Thanks!

3 REPLIES 3
humblePie
New Contributor II

Did you ever figure out how to update the Malicious URLs database?  I've got the same issue and have yet to figure out how to get it downloaded.

Thanks.

Fortigate 30E FortiOS v6.0.12 build0419 (GA)

Fortigate 30E FortiOS v6.0.12 build0419 (GA)
flamer
New Contributor II

Hi no we didn't but I found a different feature that I think is better (can use some public lists or your own list) and attach it to the policies on your Internet interface - 

 

https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/85580

AKrause

Block known malicious IP addresses can be done via CLI per interface or per policy:

 

config sys interface , edit XXX

  OR

config firewall policy, edit XXX

 

 # set scan-botnet-connections        disable Do not scan connections to botnet servers.        block Block connections to botnet servers.        monitor Log connections to botnet servers.

 

However the malicious IP/Domain Database is poorly maintained by Fortinet. It seems that known malicious hosts are put to Webfilter / Malicious Websites currently. 

 

But thanks for pointing out the Threat Feed Option in FortiOS 6.x Security Fabric! Seems to be a good alternative.

 

best regards

Andreas

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors