config load-balance reputation
Use this command to configure IP reputation policies.
The FortiGuard IP Reputation service provides a regularly updated data set that identifies compromised and malicious clients.
The IP reputation configuration allows you to specify the action the system takes when it receives traffic from a client with an IP address on the list. Table 13 lists limitations for IP reputation actions.
Action | Profile Limitations | |
---|---|---|
Pass | IPv4 only | Not supported for RADIUS. |
Deny | IPv4 only | Not supported for RADIUS. |
Redirect | IPv4 only | Not supported for RADIUS, FTP, TCP, UDP. |
Send 403 Forbidden | IPv4 only | Not supported for RADIUS, FTP, TCP, UDP. |
Note: IP reputation is also not supported for Layer 4 virtual servers when the Packet Forwarding Mode is Direct Routing.
Basic Steps
- Configure the connection to the FortiGuard IP Reputation Service.
- Optionally, customize the action the system takes when it encounters a request from a source IP that matches the list, and add exceptions. If a source IP appears on the exceptions list, the system does not look it up on the IP reputation list. See below.
- Enable IP reputation in the profiles you associate with virtual servers.
Before you begin:
- You must have read-write permission for load balancing settings.
Syntax
config load-balance reputation
edit <No.>
set action {deny | pass | redirect | send-403-forbidden}
set category <string>
set log {enable|disable}
set severity {high | low | medium}
set status {enable|disable}
next
end
action | Note: Layer 4 and TCPS virtual servers do not support Redirect or Send 403 Forbidden. If you apply an IP reputation configuration that uses these options to a Layer 4 or TCPS virtual server, FortiADC logs the action as Redirect or Send 403 Forbidden, but in fact denies the traffic. |
category | Specify a FortiGuard IP Reputation category: |
log | Enable/disable logging. |
severity | The severity to apply to the event. Severity is useful when you filter and sort logs: |
status | Enable/disable the category. |
Example
FortiADC-VM # get load-balance reputation
== [ 1 ]
== [ 2 ]
== [ 3 ]
== [ 4 ]
== [ 5 ]
== [ 6 ]
FortiADC-VM # get load-balance reputation 1
category : Botnet
status : enable
action : pass
severity : low
log : disable
FortiADC-VM # get load-balance reputation 2
category : "Anonymous Proxy"
status : enable
action : pass
severity : low
log : disable
FortiADC-VM # get load-balance reputation 3
category : Phishing
status : enable
action : pass
severity : low
log : disable
FortiADC-VM # get load-balance reputation 4
category : Spam
status : enable
action : pass
severity : low
log : disable
FortiADC-VM # get load-balance reputation 5
category : Others
status : enable
action : pass
severity : low
log : disable
FortiADC-VM # get load-balance reputation 6
category : "Block List"
status : enable
action : deny
severity : low
log : disable
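The following audit script is an added example, not part of the FortiADC documentation: it parses `get load-balance reputation <No.>` output in the format shown above and reports entries that let listed clients through or leave matches unlogged. Treating `pass` and `log : disable` as findings is an assumed review policy, and the names `parse_entries` and `audit` are hypothetical.

```python
import re
# Constructed sample: two entries copied in the format of the Example section above.
SAMPLE = '''\
FortiADC-VM # get load-balance reputation 1
category : Botnet
status : enable
action : pass
severity : low
log : disable
FortiADC-VM # get load-balance reputation 6
category : "Block List"
status : enable
action : deny
severity : low
log : disable
'''

PROMPT = re.compile(r'#\s*get load-balance reputation\s+(\d+)\s*$')
FIELD = re.compile(r'^(category|status|action|severity|log)\s*:\s*(.+?)\s*$')

def parse_entries(transcript):
    """Return {entry_id: {field: value}} from 'get load-balance reputation <No.>' output."""
    entries, current = {}, None
    for line in transcript.splitlines():
        m = PROMPT.search(line)
        if m:  # a new per-entry query starts a new record
            current = entries.setdefault(int(m.group(1)), {})
            continue
        f = FIELD.match(line.strip())
        if f and current is not None:
            current[f.group(1)] = f.group(2).strip('"')  # quoted names: "Block List"
    return entries

def audit(entries):
    """Assumed policy (not from the page): flag disabled, pass-through and unlogged entries."""
    findings = []
    for eid, e in sorted(entries.items()):
        name = e.get('category', '?')
        if e.get('status') != 'enable':
            findings.append((eid, name, 'category disabled'))
            continue
        if e.get('action') == 'pass':
            findings.append((eid, name, 'action is pass: listed clients are not blocked'))
        if e.get('log') != 'enable':
            findings.append((eid, name, 'logging disabled: matches are not logged'))
    return findings

if __name__ == '__main__':
    print(*audit(parse_entries(SAMPLE)), sep='\n')
```

The script cannot see virtual server types, so the Layer 4 and TCPS caveat for Redirect and Send 403 Forbidden still has to be checked against the profiles that use each entry.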