There are a lot of brute-force attacks against the mail services, and I have to create firewall rules to block the bad IPs on a daily basis.
I have a FortiGate firewall and want to deploy the "IP Reputation Filtering" feature to block the incoming/outgoing traffic.
The following sample IP addresses are doing brute-force attacks; they can be found on the web site www.abuseipdb.com and IBM X-Force.
But I cannot find the corresponding IP addresses on the FortiGuard web site.
Is FortiGate IP Reputation Filtering suitable for this application/filtering?
Sure, this can be done via CLI. Check this link.
You could also look into threat feeds: FortiGate can access external lists of IPs, for example, and use the lists to block those IPs.
Have a look here: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/9463/threat-feeds
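As an added example (not part of the thread and not Fortinet code), the daily manual blocking described above can be turned into a generated list for such a threat feed: the script counts failed mail logins per source IP and emits one address per line as plain text. The Postfix-style log format, the function names, the threshold and the allowlist are all assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in Postfix SASL-failure style (documentation IP ranges).
SAMPLE_LOG = """\
Jan 10 03:12:01 mail postfix/smtpd[1201]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jan 10 03:12:04 mail postfix/smtpd[1201]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed: authentication failure
Jan 10 03:12:09 mail postfix/smtpd[1201]: warning: unknown[203.0.113.5]: SASL PLAIN authentication failed: authentication failure
Jan 10 03:15:40 mail postfix/smtpd[1207]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: authentication failure
Jan 10 03:15:42 mail postfix/smtpd[1207]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: authentication failure
Jan 10 03:15:44 mail postfix/smtpd[1207]: warning: unknown[198.51.100.23]: SASL LOGIN authentication failed: authentication failure
Jan 10 08:02:11 mail postfix/smtpd[1300]: warning: unknown[198.51.100.7]: SASL LOGIN authentication failed: authentication failure
Jan 10 08:30:00 mail postfix/smtpd[1311]: warning: unknown[192.0.2.10]: SASL LOGIN authentication failed: authentication failure
Jan 10 09:00:00 mail postfix/smtpd[1320]: warning: unknown[999.1.1.1]: SASL LOGIN authentication failed: authentication failure
Jan 10 09:05:00 mail postfix/smtpd[1321]: connect from unknown[198.51.100.7]
"""

# Assumed log pattern: "[<source ip>]: SASL <mech> authentication failed"
FAILED = re.compile(r"\[([0-9A-Fa-f:.]+)\]: SASL \w+ authentication failed")


def build_feed(log_text, threshold=3, allowlist=("192.0.2.0/24",)):
    """Return sorted source IPs with >= threshold failures, outside the allowlist."""
    allowed = [ipaddress.ip_network(n) for n in allowlist]
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address in the log: never publish it
        # Never list your own ranges (monitoring hosts, office NAT, partners).
        if any(ip.version == net.version and ip in net for net in allowed):
            continue
        hits[ip] += 1
    offenders = [ip for ip, n in hits.items() if n >= threshold]
    return [str(ip) for ip in sorted(offenders, key=lambda a: (a.version, int(a)))]


def render_feed(ips):
    """One address per line, plain text, for publishing as an external IP list."""
    return "".join(f"{ip}\n" for ip in ips)


if __name__ == "__main__":
    print(render_feed(build_feed(SAMPLE_LOG)), end="")
```

The allowlist matters as much as the threshold: a user with a stale password behind your own NAT address would otherwise end up blocking the whole office.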
The Threat Feeds feature is very interesting. I am reading the document and will try it later.
I am using FortiOS 6.4.5 and trying to create an IP Address Threat Feed in the VDOM "DMZ".
But the system allows me to create a new "EndPoint / Identity" only. The Threat Feeds option is not available.
The Threat Feeds are available in the Global VDOM only.
I just found that Threat Feeds per VDOM is a feature available in the 7.0+ software releases.
I tried to use the diagnose command to check for the existence of the suspected IPs in the FortiGate ISDB, but nothing was returned from the system.
It seems they are not classified as bad IPs in the Fortinet database.
NAT-FW(global) # diagnose internet-service match DMZ 126.96.36.199 255.255.255.255
NAT-FW(global) # diagnose internet-service match DMZ 188.8.131.52 255.255.255.255
NAT-FW(global) # diagnose internet-service match DMZ 184.108.40.206 255.255.255.255
NAT-FW(global) # diagnose internet-service match DMZ 220.127.116.11 255.255.255.255