Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
vvserpent
New Contributor II

FortiGate IP Reputation Filtering

Hi,

 

A lot of  Brute Force attack to the mail services and I have to create Firewall Rule to block the bad IP daily basis. 

 

I have Fortigate firewall and want to deploy the feature " IP Reputation Filtering" to block the incoming / outgoing traffic . 

 

Following sample IP address doing burte force attck , they can be found from the web site    www.abuseipdb.com and IBM xforce. 

 

187.8.227.238
186.201.17.22
200.159.82.62
200.148.241.166

But I can not found the corresponding IP address from the Fortiguard web site. 

 

Is Fortigate IP Reputation Filtering suitable for this application / filtering ? 

 

6 REPLIES 6
AEK
Honored Contributor

AEK
Debbie_FTNT
Staff
Staff

Hey vvserpent,

you could also look into threat feeds - FortiGate can access external lists of IPs for example, and use the lists to block those IPs.

Have a look here:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/9463/threat-feeds

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
vvserpent

The Threat Feeds feature is very interesting.  I reading the document and will try it later. 

 

vvserpent

Dear Debbie,

 

I using FortiOS 6.4.5 and trying to create IP Address Threat Feeds in the VDOM "DMZ". 

But the system allows me to create new "EndPoint / Identity " only.  The Threat Feeds is not available.....

 

The Threat Feeds avaliable in the VDOM Global only . . .. 

 

vvserpent
New Contributor II

Dear Debbie,

 

I just found that, the Thread Feeds per VDOM is the feature available  on 7.0+  software release.

vvserpent
New Contributor II

I tried to use the diagnose command to check the existance of the suspected IP in the Fortigate ISDB , but nothing retured from the system. 

 

It seems they are not classified as BAD IP in Fortinet database. 

 

NAT-FW(global) # diagnose internet-service match DMZ 187.8.227.238 255.255.255.255

NAT-FW(global) # diagnose internet-service match DMZ 186.201.17.22 255.255.255.255

NAT-FW(global) # diagnose internet-service match DMZ 200.159.82.62 255.255.255.255

NAT-FW(global) # diagnose internet-service match DMZ 200.148.241.166 255.255.255.255

Labels
Top Kudoed Authors