Fortinet Document Library


Configure IP reputation black list

Upload the source IPs or CIDRs that you want the ADC to block in the IP reputation black list. When these source IPs try to access the virtual server (VS), the connection will fail. You can create IP/Netmask or IP Range type black lists, and back up or restore the black list file.

The content of the IP reputation black list file must be ASCII-encoded, and each line can be an IP netmask or an IP address range. There can be 256 IP netmasks or IP address ranges in the file. For example:

    192.168.1.1-192.168.1.10
    172.16.1.1-172.16.2.100
    10.1.1.0/24
    20.1.1.0/24

You use the Restore utility to import the file and the Back Up utility to export it.

You use the Clean utility to erase entries that were imported from the text file. The clean operation does not affect the user-configured entries.
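
A pre-import check for the file format described above, as an added example (not Fortinet code): it verifies ASCII encoding, parses each line as an IP/netmask or start-end range, and flags reversed ranges, overlapping entries and files with more than 256 entries. Assumptions: the 256 figure is a maximum, blank lines are ignored, and the function names and sample data are constructed for illustration.

```python
import ipaddress

MAX_ENTRIES = 256  # figure stated on this page, read here as a maximum (assumption)
# Constructed sample: the page's four entries plus three deliberately bad lines.
SAMPLE = (b"192.168.1.1-192.168.1.10\n172.16.1.1-172.16.2.100\n10.1.1.0/24\n"
          b"20.1.1.0/24\n10.1.1.128/25\n192.168.5.9-192.168.5.1\n10.2.3.4\n")

def parse_entry(text):
    """Return (first, last) addresses for one 'addr/mask' or 'start-end' line."""
    if "-" in text:
        start_s, end_s = (part.strip() for part in text.split("-", 1))
        start, end = ipaddress.ip_address(start_s), ipaddress.ip_address(end_s)
        if start.version != end.version:
            raise ValueError("range mixes IPv4 and IPv6")
        if start > end:
            raise ValueError("range start is above range end")
        return start, end
    if "/" not in text:
        raise ValueError("expected IP/netmask or start-end range")
    # strict=False tolerates host bits; the ADC's handling of them is not stated.
    net = ipaddress.ip_network(text, strict=False)
    return net.network_address, net.broadcast_address

def validate_blacklist(data: bytes):
    """Check raw file bytes; return (entries, problems)."""
    entries, problems = [], []
    try:
        lines = data.decode("ascii").splitlines()
    except UnicodeDecodeError as exc:
        return entries, [f"file is not ASCII (byte offset {exc.start})"]
    for lineno, raw in enumerate(lines, 1):
        text = raw.strip()
        if not text:
            continue  # blank lines skipped (assumption)
        try:
            first, last = parse_entry(text)
        except ValueError as exc:
            problems.append(f"line {lineno}: {text!r}: {exc}")
            continue
        for other_line, o_first, o_last in entries:
            if first.version == o_first.version and first <= o_last and o_first <= last:
                problems.append(f"line {lineno}: overlaps line {other_line}")
        entries.append((lineno, first, last))
    if len(entries) > MAX_ENTRIES:
        problems.append(f"{len(entries)} entries exceed the limit of {MAX_ENTRIES}")
    return entries, problems

if __name__ == "__main__":
    print("\n".join(validate_blacklist(SAMPLE)[1]))
```

Run it against the file before using the Restore utility; an empty problem list means every line parsed and the entry count is within the limit.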

To create an IP Reputation black list:
  1. Go to Network Security > IP Reputation.
  2. Click the IP Reputation Black List tab, and click Create New to create black lists as described in IP Reputation black list.
  3. Click Save.

IP Reputation black list

| Settings | Guidelines |
| --- | --- |
| Status | Enable or disable the exception. You might have occasion to toggle the exception off and on. |
| Type | IP/netmask: Select this option to allow a specified IP address to pass through. IP Range: Select this option to allow a specified range of IP addresses to pass through. |
| IP/Netmask | If IP/netmask is selected in the Type field above, specify a subnet using the address/mask notation. |
| Start IP / End IP | If IP Range is selected in the Type field above, specify the starting address and ending address of the IP range. |
