IP Reputation Filtering

This feature adds support for reputation filtering in firewall policies.

Currently, there are five reputation levels in the internet-service database (ISDB), and custom reputation levels can be defined in a custom internet-service. This feature allows firewall policies to filter traffic according to the configured reputation level. If the reputation level of the source or destination IP address (whichever the policy's reputation direction selects) is equal to or greater than the level set in the policy, the packet is forwarded; otherwise, the packet is dropped.

The five default reputation levels are:

Level 1: Known malicious sites related to botnet servers, phishing sites, etc.

Level 2: Sites providing high risk services, such as TOR, proxy, P2P, etc.

Level 3: Unverified sites.

Level 4: Reputable sites from social media, such as Facebook, Twitter, etc.

Level 5: Known and verified safe sites, such as Gmail, Amazon, eBay, etc.

The default minimum reputation level in a policy is zero, meaning that the reputation filter is disabled.

For IP addresses that are not included in the ISDB, the default reputation level is three.

The default reputation direction is destination.

To set the reputation level and direction in a policy:
config firewall policy
    edit 1
        set uuid dfcaec9c-e925-51e8-cf3e-fed9a1d42a1c
        set srcintf "wan2"
        set dstintf "wan1"
        set dstaddr "all"
        set reputation-minimum 3
        set reputation-direction source
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set auto-asic-offload disable
        set nat enable
    next
end

Packets from the source IP address with reputation levels three, four, or five will be forwarded by this policy.
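The forwarding decision described above, as an added example that is not FortiOS code and not part of this page: a small Python model of the policy's reputation check. The ISDB sample is constructed from documentation-range addresses, and the model applies the page's rules that reputation-minimum 0 disables the filter and that addresses absent from the ISDB count as level 3.

```python
# Added illustrative model of the reputation filter; not FortiOS code.
from typing import Dict, Optional

# Level assumed for IP addresses that are not in the ISDB (per the page).
DEFAULT_REPUTATION = 3

# Constructed sample ISDB using documentation-range addresses (RFC 5737).
# Real reputation levels are supplied by Fortinet's ISDB, not by this table.
SAMPLE_ISDB: Dict[str, int] = {
    "203.0.113.10": 1,  # constructed: known malicious (level 1)
    "198.51.100.7": 2,  # constructed: high risk service (level 2)
    "192.0.2.50": 5,    # constructed: known and verified safe (level 5)
}


def lookup_reputation(ip: str, isdb: Dict[str, int]) -> int:
    """Return the ISDB level for ip, or the default (3) if ip is unlisted."""
    return isdb.get(ip, DEFAULT_REPUTATION)


def policy_allows(src_ip: str, dst_ip: str, reputation_minimum: int,
                  reputation_direction: str = "destination",
                  isdb: Optional[Dict[str, int]] = None) -> bool:
    """Forward if the selected address's level >= reputation-minimum.

    reputation_minimum 0 means the filter is disabled, so the reputation
    check is skipped entirely. reputation_direction defaults to
    "destination", matching the page's stated default.
    """
    if isdb is None:
        isdb = SAMPLE_ISDB
    if reputation_minimum == 0:
        return True  # filter disabled: reputation is not consulted at all
    if reputation_direction not in ("source", "destination"):
        raise ValueError(f"unknown reputation-direction {reputation_direction!r}")
    checked_ip = src_ip if reputation_direction == "source" else dst_ip
    return lookup_reputation(checked_ip, isdb) >= reputation_minimum


def evaluate_policy_1(src_ip: str, dst_ip: str) -> bool:
    """Policy 1 from the CLI block above: reputation-minimum 3, direction source."""
    return policy_allows(src_ip, dst_ip, reputation_minimum=3,
                         reputation_direction="source")


if __name__ == "__main__":
    for src in list(SAMPLE_ISDB) + ["10.0.0.5"]:  # last one is unlisted
        verdict = "forward" if evaluate_policy_1(src, "192.0.2.1") else "drop"
        print(f"{src:>14} level {lookup_reputation(src, SAMPLE_ISDB)} -> {verdict}")
```

Running the block shows the two constructed low-reputation sources dropped, the level-5 source forwarded, and the unlisted 10.0.0.5 forwarded because it is treated as level 3.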

Note

In a policy, if reputation-minimum is set, and the reputation-direction is destination, then the dstaddr, service, and internet-service options are removed from the policy.

If reputation-minimum is set, and the reputation-direction is source, then the srcaddr and internet-service-src options are removed from the policy.