Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
vvserpent
New Contributor II

Created on ‎05-31-2022 02:03 AM

FortiGate IP Reputation Filtering

Hi,

 

A lot of  Brute Force attack to the mail services and I have to create Firewall Rule to block the bad IP daily basis. 

 

I have Fortigate firewall and want to deploy the feature " IP Reputation Filtering" to block the incoming / outgoing traffic . 

 

Following sample IP address doing burte force attck , they can be found from the web site    www.abuseipdb.com and IBM xforce. 

 

187.8.227.238
186.201.17.22
200.159.82.62
200.148.241.166

But I can not found the corresponding IP address from the Fortiguard web site. 

 

Is Fortigate IP Reputation Filtering suitable for this application / filtering ? 

 

Labels:
5129
0 Kudos
6 REPLIES 6
AEK
SuperUser
SuperUser

Created on ‎05-31-2022 07:43 AM

Sure this can be done via CLI.. Check this link.

https://docs.fortinet.com/document/fortigate/7.0.5/administration-guide/68937/ip-reputation-filterin...

 

AEK
AEK
5088
0 Kudos
Debbie_FTNT
Staff
Staff

Created on ‎06-01-2022 12:40 AM

Hey vvserpent,

you could also look into threat feeds - FortiGate can access external lists of IPs for example, and use the lists to block those IPs.

Have a look here:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/9463/threat-feeds

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
5069
vvserpent
New Contributor II
In response to Debbie_FTNT

Created on ‎06-01-2022 12:56 AM

The Threat Feeds feature is very interesting.  I reading the document and will try it later. 

 

5067
0 Kudos
vvserpent
New Contributor II
In response to Debbie_FTNT

Created on ‎06-01-2022 01:27 AM

Dear Debbie,

 

I using FortiOS 6.4.5 and trying to create IP Address Threat Feeds in the VDOM "DMZ". 

But the system allows me to create new "EndPoint / Identity " only.  The Threat Feeds is not available.....

 

The Threat Feeds avaliable in the VDOM Global only . . .. 

 

5059
0 Kudos
vvserpent
New Contributor II
In response to vvserpent

Created on ‎06-01-2022 02:07 AM

Dear Debbie,

 

I just found that, the Thread Feeds per VDOM is the feature available  on 7.0+  software release.

5056
0 Kudos
vvserpent
New Contributor II

Created on ‎06-01-2022 01:07 AM

I tried to use the diagnose command to check the existance of the suspected IP in the Fortigate ISDB , but nothing retured from the system. 

 

It seems they are not classified as BAD IP in Fortinet database. 

 

NAT-FW(global) # diagnose internet-service match DMZ 187.8.227.238 255.255.255.255

NAT-FW(global) # diagnose internet-service match DMZ 186.201.17.22 255.255.255.255

NAT-FW(global) # diagnose internet-service match DMZ 200.159.82.62 255.255.255.255

NAT-FW(global) # diagnose internet-service match DMZ 200.148.241.166 255.255.255.255

5065
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.