Fortinet Document Library

Version:

Version:

Version:

Version:


Table of Contents

Handbook

Download PDF
Copy Link

Managing IP Reputation policy settings

The FortiGuard IP Reputation service provides a database of known compromised or malicious client IP addresses. The database is updated periodically.

The IP Reputation configuration allows you to specify the action the system takes when an SLB virtual server receives traffic from a client with an IP address on the list. IP Reputation actions lists limitations for IP Reputation actions.

IP Reputation actions

Action   Profile Limitations

Pass

IPv4 only

Not supported for RADIUS.

Deny

IPv4 only

Not supported for RADIUS.

Redirect

IPv4 only

Not supported for RADIUS, FTP, TCP, UDP.

Send 403 Forbidden

IPv4 only

Not supported for RADIUS, FTP, TCP, UDP.

Note: IP Reputation is also not supported for Layer 4 virtual servers when the Packet Forwarding Mode is Direct Routing.

Basic Steps
  1. Configure the connection to FortiGuard so the system can receive periodic IP Reputation Database updates. See Configuring FortiGuard service settings.
  2. Optionally, customize the actions you want to take when the system encounters a request from a source IP address that matches the list; and add exceptions. If a source IP address appears on the exceptions list, the system does not look it up on the IP Reputation list. See below.
  3. Enable IP Reputation in the profiles you associate with virtual servers. See Configuring Application profiles.

Before you begin:

  • You must have Read-Write permission for Firewall settings.
To customize IP Reputation policy rules:
  1. Go to Network Security > IP Reputation.
  2. Make sure to select the IP Reputation tab, which displays all IP reputation policy configuration in FortiADC.
  3. Click a policy or the corresponding Edit icon to open the IP Reputation editor.
  4. Make the desired changes as described in IP Reputation policy configuration.
  5. Click Save.

IP Reputation policy configuration

Settings Guidelines

Category

Depending the configuration on FortiGuard IP Reputation service, the IP reputation policy can be one of the following categories:

  • Botnet
  • Anonymous Proxy
  • Phishing
  • Spam
  • Others
  • Black List

Status

Enable or disable the category.

Action

  • Pass
  • Deny
  • Redirect
  • Send 403 Forbidden

Note: Layer 4 and TCPS virtual servers do not support Redirect or Send 403 Forbidden. If you apply an IP Reputation configuration that uses these options to a Layer 4 or TCPS virtual server, FortiADC logs the action as Redirect or Send 403 Forbidden but in fact denies the traffic.

Severity

The severity to apply to the event. Severity is useful when you filter and sort logs:

  • Low
  • Medium
  • High

Log

Enable or disable logging.

Managing IP Reputation policy settings

The FortiGuard IP Reputation service provides a database of known compromised or malicious client IP addresses. The database is updated periodically.

The IP Reputation configuration allows you to specify the action the system takes when an SLB virtual server receives traffic from a client with an IP address on the list. IP Reputation actions lists limitations for IP Reputation actions.

IP Reputation actions

Action   Profile Limitations

Pass

IPv4 only

Not supported for RADIUS.

Deny

IPv4 only

Not supported for RADIUS.

Redirect

IPv4 only

Not supported for RADIUS, FTP, TCP, UDP.

Send 403 Forbidden

IPv4 only

Not supported for RADIUS, FTP, TCP, UDP.

Note: IP Reputation is also not supported for Layer 4 virtual servers when the Packet Forwarding Mode is Direct Routing.

Basic Steps
  1. Configure the connection to FortiGuard so the system can receive periodic IP Reputation Database updates. See Configuring FortiGuard service settings.
  2. Optionally, customize the actions you want to take when the system encounters a request from a source IP address that matches the list; and add exceptions. If a source IP address appears on the exceptions list, the system does not look it up on the IP Reputation list. See below.
  3. Enable IP Reputation in the profiles you associate with virtual servers. See Configuring Application profiles.

Before you begin:

  • You must have Read-Write permission for Firewall settings.
To customize IP Reputation policy rules:
  1. Go to Network Security > IP Reputation.
  2. Make sure to select the IP Reputation tab, which displays all IP reputation policy configuration in FortiADC.
  3. Click a policy or the corresponding Edit icon to open the IP Reputation editor.
  4. Make the desired changes as described in IP Reputation policy configuration.
  5. Click Save.

IP Reputation policy configuration

Settings Guidelines

Category

Depending the configuration on FortiGuard IP Reputation service, the IP reputation policy can be one of the following categories:

  • Botnet
  • Anonymous Proxy
  • Phishing
  • Spam
  • Others
  • Black List

Status

Enable or disable the category.

Action

  • Pass
  • Deny
  • Redirect
  • Send 403 Forbidden

Note: Layer 4 and TCPS virtual servers do not support Redirect or Send 403 Forbidden. If you apply an IP Reputation configuration that uses these options to a Layer 4 or TCPS virtual server, FortiADC logs the action as Redirect or Send 403 Forbidden but in fact denies the traffic.

Severity

The severity to apply to the event. Severity is useful when you filter and sort logs:

  • Low
  • Medium
  • High

Log

Enable or disable logging.