Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
DanieleS99
Contributor

Created on ‎03-09-2022 07:00 AM

Fortigate Check malicious IP list

Hello,
i am looking for a fast and efficient way to check if 800 or so ip addresses are contained in the fortigate blacklists.
Can you help me?

Thank you

Labels:
15359
0 Kudos
1 Solution
AlexC-FTNT
Staff
Staff
In response to DanieleS99

Created on ‎03-09-2022 08:07 AM Edited on ‎03-09-2022 08:11 AM

I don't think there is a possibility to run this check for multiple IPs.

You can list the entire internet-service database:

#diag firewall internet-service list

and run a script on the IPs in the list, but many of those IPs are listed as a range, so that will be problematic.

 

You can also use the API to retrieve this list:

 

https://fortigate.IP/api/v2/monitor/firewall/internet-service-details?city_id=0&count=5000&country_i...


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -

View solution in original post

15343
0 Kudos
4 REPLIES 4
AlexC-FTNT
Staff
Staff

Created on ‎03-09-2022 07:25 AM

Hello Daniele,
What feature exactly do you refer to? There are no blacklists dowloaded in the FortiGate.

The services used in the FortiGate are available here: https://www.fortiguard.com/ (scroll down). You can check the ISDB (not a blacklist) but can't check botnet IP reputation.
You can check the blacklisted IPs in any online tool - for example https://mxtoolbox.com/blacklists.aspx


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
15292
0 Kudos
DanieleS99
Contributor
In response to AlexC-FTNT

Created on ‎03-09-2022 07:33 AM

Hi Alex,

sorry if I explained myself wrong. I mean that I would like to check if these ip are contained in the malicious lists reported on the Fortigate, such as in the Internet Service Database -> Malicious-Malicious.Server section, or Botnet-C & C. Server without having to check one ip address at a time but giving the whole list.

15289
0 Kudos
AlexC-FTNT
Staff
Staff
In response to DanieleS99

Created on ‎03-09-2022 08:07 AM Edited on ‎03-09-2022 08:11 AM

I don't think there is a possibility to run this check for multiple IPs.

You can list the entire internet-service database:

#diag firewall internet-service list

and run a script on the IPs in the list, but many of those IPs are listed as a range, so that will be problematic.

 

You can also use the API to retrieve this list:

 

https://fortigate.IP/api/v2/monitor/firewall/internet-service-details?city_id=0&count=5000&country_i...


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
15344
0 Kudos
DanieleS99
Contributor
In response to AlexC-FTNT

Created on ‎03-10-2022 06:26 AM

Ok, thanks for the support

15258
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.