Fortinet black logo

Handbook

Botnet and command-and-control protection

6.0.0
Copy Link
Copy Doc ID 4afb0436-a998-11e9-81a4-00505692583a:655554
Download PDF

Botnet and command-and-control protection

You can configure botnet and command-and-control traffic protection, in a FortiGate GUI or CLI.

To configure botnet scans on an interface - GUI:
  1. Go to Network > Interfaces and edit an interface.
  2. Set the Scan Outgoing Connections to Botnet Sites option to Disable, Block, or Monitor.
To configure botnet scans on an interface - CLI:

config system interface

edit <interface>

set scan-botnet-connections {disable | block | monitor}

next

end

You can also enable the scanning of botnet and command-and-control traffic in the following policies:

To enable botnet scans in firewall policies - CLI:

config firewall policy

edit <policy ID>

set scan-botnet-connections {disable | block | monitor}

next

end

To enable botnet scans in firewall explicit proxy policies - CLI:

config firewall explicit-proxy-policy

edit <policy ID>

set scan-botnet-connections {disable | block | monitor}

next

end

To enable botnet scans in firewall interface policies - CLI:

config firewall interface-policy

edit <policy ID>

set scan-botnet-connections {disable | block | monitor}

next

end

To enable botnet scans for firewall sniffer - CLI:

config firewall sniffer

edit <policy ID>

set scan-botnet-connections {disable | block | monitor}

next

end

Botnet and command-and-control protection

You can configure botnet and command-and-control traffic protection, in a FortiGate GUI or CLI.

To configure botnet scans on an interface - GUI:
  1. Go to Network > Interfaces and edit an interface.
  2. Set the Scan Outgoing Connections to Botnet Sites option to Disable, Block, or Monitor.
To configure botnet scans on an interface - CLI:

config system interface

edit <interface>

set scan-botnet-connections {disable | block | monitor}

next

end

You can also enable the scanning of botnet and command-and-control traffic in the following policies:

To enable botnet scans in firewall policies - CLI:

config firewall policy

edit <policy ID>

set scan-botnet-connections {disable | block | monitor}

next

end

To enable botnet scans in firewall explicit proxy policies - CLI:

config firewall explicit-proxy-policy

edit <policy ID>

set scan-botnet-connections {disable | block | monitor}

next

end

To enable botnet scans in firewall interface policies - CLI:

config firewall interface-policy

edit <policy ID>

set scan-botnet-connections {disable | block | monitor}

next

end

To enable botnet scans for firewall sniffer - CLI:

config firewall sniffer

edit <policy ID>

set scan-botnet-connections {disable | block | monitor}

next

end