Hello, on a fortigate f/w how do we go about using the fortiguard IP reputation blacklist? I see a lot of reference to it, but cannot figure out how to set it up. Im not interested in block DNS request to know C&C sites, I want to block all trfafic coming in our going out to a known bad Ip address. fortigate version: 5.6
Thanks!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Did you ever figure out how to update the Malicious URLs database? I've got the same issue and have yet to figure out how to get it downloaded.
Thanks.
Fortigate 30E FortiOS v6.0.12 build0419 (GA)
Hi no we didn't but I found a different feature that I think is better (can use some public lists or your own list) and attach it to the policies on your Internet interface -
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/85580
Block known malicious IP addresses can be done via CLI per interface or per policy:
config sys interface , edit XXX
OR
config firewall policy, edit XXX
# set scan-botnet-connections disable Do not scan connections to botnet servers. block Block connections to botnet servers. monitor Log connections to botnet servers.
However the malicious IP/Domain Database is poorly maintained by Fortinet. It seems that known malicious hosts are put to Webfilter / Malicious Websites currently.
But thanks for pointing out the Threat Feed Option in FortiOS 6.x Security Fabric! Seems to be a good alternative.
best regards
Andreas
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1692 | |
1087 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.