WebGregGit
New Contributor

Block traffic with IP from the black list (not only spam)

Hi

I have a FortiGate 200F.

I detect various disturbing connections from different addresses. At the moment, I manually add the intense ones to the block list. Unfortunately, it is not effective and very engaging.

These addresses are usually on some blacklists, such as zen.spamhaus.org. I am sure that a device of this class can automate the blocking of traffic coming from addresses on blacklists. But I don't know how to set it up. Any advice?

Security Profiles > DNS Filter > profile > External IP Block Lists options.

Is this the right direction?

Do you have any addresses attached to them that you can share?
dairu
New Contributor II

I believe only the plain text file format is accepted if you use the IP Address External Connector; that's why it says bad format.

As for the huge traffic on port 53, as @gfleming mentioned, if you do not need inbound access to port 53, you may want to consider disabling it.

Are you somehow allowing external access to your internal resources like a web server or application server? If yes, I suggest only opening the needed ports like 80, 443, etc.

scan888

Hi @WebGregGit 

As @dairu mentioned, only plain text with one IP or FQDN per line is accepted. All other formats are invalid.

At home I am using the following lists:

https://lists.blocklist.de/lists/all.txt

https://gist.githubusercontent.com/BBcan177/4a8bf37c131be4803cb2/raw

https://iplists.firehol.org/files/firehol_level1.netset

I hope that helps.

- Have you found a solution? Then give your helper a "Like" and mark the solution.
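The one-entry-per-line requirement discussed above, as an added example that is not part of the original thread or of Fortinet's tooling: a small Python normaliser that strips comments, blanks and malformed lines from a third-party feed before it is published for the external connector, so the firewall never sees the lines that would trigger the "bad format" error. It assumes (the thread does not say so) that the feed may carry `#` comments and that an entry may be an IPv4/IPv6 address, a CIDR network or an FQDN.

```python
"""Normalise a blocklist feed into the plain-text, one-entry-per-line file the thread
says the FortiGate IP Address external connector accepts. Added example, not Fortinet
code; it assumes (not stated in the thread) that '#' comments may appear in the feed and
that an entry may be an IPv4/IPv6 address, a CIDR network or an FQDN; else it is rejected."""
import ipaddress
import re

# Conservative FQDN check: dot-separated labels of letters, digits and hyphens.
_FQDN = re.compile(r"^(?=.{1,253}$)(?!-)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$", re.I)


def classify(entry: str):
    """Return 'ip', 'net' or 'fqdn' for an acceptable entry, else None."""
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        pass
    try:
        ipaddress.ip_network(entry, strict=False)
        return "net"
    except ValueError:
        pass
    return "fqdn" if _FQDN.match(entry) else None


def normalise_feed(text: str):
    """Return (accepted entries, rejected lines). Comments after '#' are stripped,
    blank lines skipped, duplicates dropped; first-seen order is kept."""
    accepted, rejected, seen = [], [], set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if classify(line) is None:
            rejected.append(raw.rstrip())  # keep for review, never publish to the firewall
        elif line not in seen:
            seen.add(line)
            accepted.append(line)
    return accepted, rejected


# Constructed sample feed (not a real list) mixing formats seen in public feeds.
SAMPLE_FEED = """# header comment in firehol netset style
192.0.2.10
192.0.2.10
198.51.100.0/24   # trailing comment
bad-host.example.com
203.0.113.5,203.0.113.6
2001:db8::/32
not an address
"""
```

Write `"\n".join(normalise_feed(SAMPLE_FEED)[0])` to the file you serve to the connector and review the second list by hand.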