Block known malicious IP addresses

Author
flamer
New Member
2018/11/25 18:42:17 (permalink)

Hello, on a FortiGate f/w how do we go about using the FortiGuard IP reputation blacklist? I see a lot of references to it, but cannot figure out how to set it up. I'm not interested in blocking DNS requests to known C&C sites; I want to block all traffic coming in or going out to a known bad IP address. FortiGate version: 5.6
 
Thanks!
#1

    humblePie
    New Member
    Re: Block known malicious IP addresses 2019/11/06 14:00:13 (permalink)
    Did you ever figure out how to update the Malicious URLs database?  I've got the same issue and have yet to figure out how to get it downloaded.
    Thanks.
    #2
    flamer
    New Member
    Re: Block known malicious IP addresses 2019/11/06 15:34:03 (permalink)
    Hi, no, we didn't, but I found a different feature that I think is better (it can use some public lists or your own list) and you attach it to the policies on your Internet interface:
     
    https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/85580
    #3
    AKrause
    Gold Member
    Re: Block known malicious IP addresses 2019/11/12 06:03:18 (permalink)
    Blocking known malicious IP addresses can be done via CLI per interface or per policy:
     
    config sys interface , edit XXX
      OR
    config firewall policy, edit XXX
     
     # set scan-botnet-connections
           disable Do not scan connections to botnet servers.
           block Block connections to botnet servers.
           monitor Log connections to botnet servers.
     
    However, the malicious IP/domain database is poorly maintained by Fortinet. It seems that known malicious hosts are currently put into Webfilter / Malicious Websites.
     
    But thanks for pointing out the Threat Feed Option in FortiOS 6.x Security Fabric! Seems to be a good alternative.
     
    best regards
    Andreas
    #4
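
The replies above mention feeding the firewall from public lists or your own list. The sketch below is an added example, not code from any poster in this thread or from Fortinet: it cleans such a list before it is published as a feed, so that a bad upstream entry cannot block internal ranges or the whole Internet. It assumes a plain-text feed with one IPv4 address or CIDR per line (check the linked documentation for the format your FortiOS version accepts); the sample feed, the protected networks and the /8 limit are constructed for illustration.

```python
import ipaddress

# Constructed sample of a downloaded block list (documentation ranges only).
SAMPLE_FEED = """\
# example feed, constructed for this illustration
203.0.113.7
198.51.100.0/24
203.0.113.7
10.1.2.3            ; private address, would block internal hosts
192.0.2.55/24       # host bits set
not-an-ip
0.0.0.0/0
192.0.2.10
"""

# Hypothetical networks that must never be blocked (here: the RFC 1918 ranges).
NEVER_BLOCK = [ipaddress.IPv4Network(n)
               for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PREFIX = 8  # assumption: anything broader than a /8 is treated as a feed error


def clean_feed(text, never_block=NEVER_BLOCK, min_prefix=MIN_PREFIX):
    """Return (entries, rejected): merged feed lines and the input lines refused."""
    nets, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        if not entry:
            continue
        try:
            # strict=False normalises entries such as 192.0.2.55/24 to 192.0.2.0/24
            net = ipaddress.IPv4Network(entry, strict=False)
        except ValueError:
            rejected.append((lineno, entry, "not an IPv4 address or CIDR"))
            continue
        if net.prefixlen < min_prefix:
            rejected.append((lineno, entry, "too broad"))
        elif any(net.overlaps(safe) for safe in never_block):
            rejected.append((lineno, entry, "overlaps protected network"))
        else:
            nets.append(net)
    # Remove duplicates and entries already covered by a wider network.
    merged = ipaddress.collapse_addresses(set(nets))
    entries = [str(n.network_address) if n.prefixlen == 32 else str(n) for n in merged]
    return entries, rejected


if __name__ == "__main__":
    entries, rejected = clean_feed(SAMPLE_FEED)
    print("\n".join(entries))
    for lineno, entry, reason in rejected:
        print(f"rejected line {lineno}: {entry} ({reason})")
```

Reviewing the rejected lines before each publish is the useful part: a sudden jump in rejections usually means the upstream list changed format or was tampered with.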