Botnet and command-and-control protection
You can configure botnet and command-and-control traffic protection, in a FortiGate GUI or CLI.
To configure botnet scans on an interface - GUI:
- Go to Network > Interfaces and edit an interface.
- Set the Scan Outgoing Connections to Botnet Sites option to Disable, Block, or Monitor.
To configure botnet scans on an interface - CLI:
config system interface
edit <interface>
set scan-botnet-connections {disable | block | monitor}
next
end
You can also enable the scanning of botnet and command-and-control traffic in the following policies:
To enable botnet scans in firewall policies - CLI:
config firewall policy
edit <policy ID>
set scan-botnet-connections {disable | block | monitor}
next
end
To enable botnet scans in firewall explicit proxy policies - CLI:
config firewall explicit-proxy-policy
edit <policy ID>
set scan-botnet-connections {disable | block | monitor}
next
end
To enable botnet scans in firewall interface policies - CLI:
config firewall interface-policy
edit <policy ID>
set scan-botnet-connections {disable | block | monitor}
next
end
To enable botnet scans for firewall sniffer - CLI:
config firewall sniffer
edit <policy ID>
set scan-botnet-connections {disable | block | monitor}
next
end