Configure IP reputation block list

Upload the source IPs or CIDRs that you want the ADC to block to the IP reputation block list. When these source IPs try to access the virtual server (VS), the connection fails. You can create IP/Netmask or IP Range type block lists, and back up or restore block list files.

The content of the IP reputation block list file should be encoded in ASCII, and every line can be an IP netmask or an IP address range. There can be 256 IP netmasks or IP address ranges in the file. It looks like this:

  192.168.1.1-192.168.1.10
  172.16.1.1-172.16.2.100
  10.1.1.0/24
  20.1.1.0/24
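A pre-upload check for a file in the format described above, as an added example that is not part of the Fortinet handbook or product. It assumes that 256 is a maximum, that blank lines do not count as entries, and that a netmask line must not have host bits set; `validate_blocklist` and `SAMPLE` are hypothetical names.

```python
import ipaddress

MAX_ENTRIES = 256  # figure stated on this page, read here as a maximum (assumption)

# Constructed sample: two valid lines, then a reversed range,
# a netmask with host bits set, and a bare address.
SAMPLE = (b"192.168.1.1-192.168.1.10\n10.1.1.0/24\n"
          b"172.16.2.100-172.16.1.1\n10.1.1.5/24\n20.1.1.1\n")

def validate_blocklist(data: bytes):
    """Return (entries, errors) for the raw bytes of a block list file."""
    entries, errors = [], []
    try:
        text = data.decode("ascii")  # also rejects a UTF-8 BOM left by some editors
    except UnicodeDecodeError as exc:
        return [], [f"file is not ASCII (byte offset {exc.start})"]
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue  # assumption: blank lines are not counted as entries
        try:
            if "-" in line:
                start_s, end_s = line.split("-", 1)
                start = ipaddress.ip_address(start_s.strip())
                end = ipaddress.ip_address(end_s.strip())
                if start.version != end.version:
                    raise ValueError("range mixes IPv4 and IPv6")
                if start > end:
                    raise ValueError("range start is above range end")
                entries.append(("range", start, end))
            elif "/" in line:
                # strict=True rejects e.g. 10.1.1.5/24, which is usually a typo
                net = ipaddress.ip_network(line, strict=True)
                entries.append(("netmask", net[0], net[-1]))
            else:
                raise ValueError("expected IP/netmask or start-end range")
        except ValueError as exc:
            errors.append(f"line {lineno}: {line!r}: {exc}")
    if len(entries) > MAX_ENTRIES:
        errors.append(f"{len(entries)} entries exceeds the limit of {MAX_ENTRIES}")
    return entries, errors

if __name__ == "__main__":
    for problem in validate_blocklist(SAMPLE)[1]:
        print(problem)
```

Each entry is returned with its first and last address, so the covered span can be reviewed before the file is imported with Restore.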

Use the Restore utility to import the file and the Back Up utility to export it. The Back Up operation backs up the currently restored IP reputation block list; it does not back up user-configured entries.

Use the Clean utility to erase entries that were imported from the text file. The Clean operation erases the currently restored IP reputation block list; it does not affect user-configured entries.

To create an IP Reputation block list:
  1. Go to Network Security > IP Reputation.
  2. Click the IP Reputation Block List tab and use Create New to add block lists, as described in IP Reputation block list.
  3. Click Save.

IP Reputation block list

| Settings | Guidelines |
| --- | --- |
| Status | Enable or disable the exception. You might have occasion to toggle the exception off and on. |
| Type | IP/netmask: Select this option to allow a specified IP address to pass through. IP Range: Select this option to allow a specified range of IP addresses to pass through. |
| IP/Netmask | If IP/netmask is selected in the Type field above, specify a subnet using the address/mask notation. |
| Start IP / End IP | If IP Range is selected in the Type field above, specify the starting address and ending address of the IP range. |
