Security Profiles > Intrusion Prevention has a new Botnet C&C option. This option consolidates multiple botnet options into a single option in the IPS Profile so that, in one place, you can enable botnet blocking across all traffic that matches the policy.
The new Security Profiles > Intrusion Prevention > Botnet C&C option replaces and enhances the old Network Interfaces > Scan Outgoing Connections to Botnet Sites option.
- Go to Security Profiles > Intrusion Prevention and enable Botnet C&C by setting Scan Outgoing Connections to Botnet Sites to Block or Monitor.
- Add the above sensor to the firewall policy and the IPS engine will start to scan outgoing connections to botnet sites.
For example, if you visit a botnet IP, an IPS log is generated for this attack.
config ips sensor now has a new
config ips sensor
    edit <sensor-name>
        set scan-botnet-connections <disable | block | monitor>
end
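A configuration-review check for the two steps above, as an added example (not Fortinet's code and not part of the original page): it reads a FortiOS configuration backup and lists firewall policies whose IPS sensor does not have `scan-botnet-connections` set to `block`. The sample configuration is constructed, the function names are hypothetical, and the `set ips-sensor` policy keyword and the `disable` default are assumptions not stated on the page.

```python
import shlex
# Constructed sample in FortiOS backup syntax (not taken from the page).
SAMPLE = """config ips sensor
    edit "botnet-block"
        set scan-botnet-connections block
        config entries
            edit 1
            next
        end
    next
    edit "legacy"
    next
end
config firewall policy
    edit 1
        set ips-sensor "botnet-block"
    next
    edit 2
        set ips-sensor "legacy"
    next
end"""

def parse_tables(text):
    """Return {table: {entry: {keyword: value}}}; nested config blocks are skipped."""
    tables, depth, entry = {}, 0, None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]  # assumes no multi-line quoted values
        if tok[0] == "config" and depth == 0:
            table, entry = tables.setdefault(" ".join(tok[1:]), {}), None
        depth += {"config": 1, "end": -1}.get(tok[0], 0)
        if depth == 1 and tok[0] == "edit":
            entry = table.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = " ".join(tok[2:])
    return tables

def audit_botnet_scanning(text):
    """Map policy id -> finding; assumes an unset keyword means disable."""
    tables, findings = parse_tables(text), {}
    for pid, pol in tables.get("firewall policy", {}).items():
        sensor = tables.get("ips sensor", {}).get(pol.get("ips-sensor"), {})
        mode = sensor.get("scan-botnet-connections", "disable")
        if "ips-sensor" not in pol:
            findings[pid] = "no IPS sensor attached"
        elif mode != "block":
            findings[pid] = f"sensor {pol['ips-sensor']}: scan-botnet-connections={mode}"
    return findings

if __name__ == "__main__": print(audit_botnet_scanning(SAMPLE))
```

Policies with no `ips-sensor` keyword are reported whatever their action, so deny policies will appear in the findings and can be filtered out during review.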
In System > FortiGuard, Botnet IPs and Botnet Domains are now in the Intrusion Prevention section.
There are no changes from version 6.0.4 in configuring Security Profiles > DNS Filter > Redirect botnet C&C requests to Block Portal. Add the profile to a firewall policy to block connections to Botnet domains.
There are no changes from version 6.0.4 in configuring Security Profiles > Intrusion Prevention > Block malicious URLs. Enable Block malicious URLs in IPS Sensor and then add the sensor to a firewall policy.
In this version and version 6.0.4, there are IPS signatures for botnet attacks. Include these signatures in IPS Sensor and then add the sensor to a firewall policy to detect or block attacks matching the IPS signatures.