
Administration Guide

Dynamic BGP learning of ISDB reputation IPs New

Dynamic BGP learning of ISDB reputation IPs New

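Dynamic BGP-based learning for the Botnet and Spam ISDB categories allows a FortiGate to automatically receive the IP addresses in these internet services and advertise them to its BGP peers, for more responsive, threat-aware routing. In the BGP network table, an entry references the internet service by name instead of a prefix. The advertised routes only influence where peers forward traffic destined to these addresses; whether that traffic is dropped, inspected, or logged still depends on the policy applied at the next hop.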

config router bgp
    config network
        edit <id>
            set internet-service-name {Botnet-C&C.Server | Spam-Spamming.Server}
        next
    end
end
To test using the Botnet-C&C.Server internet service:
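  1. Configure BGP on the advertising FortiGate, adding the internet service as a network entry (edit 4 in the example below). This is a test configuration: the neighbor has no session authentication (`set password`) and `network-import-check` is disabled, so review both settings before reusing it outside a lab: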

    config router bgp
        set as 65412
        set router-id 2.2.2.2
        set network-import-check disable
        config neighbor
            edit "3.3.3.3"
                set advertisement-interval 5
                set capability-graceful-restart enable
                set ebgp-enforce-multihop enable
                set next-hop-self enable
                set soft-reconfiguration enable
                set remote-as 65412
                set route-map-out "as-prepend"
                set keep-alive-timer 30
                set holdtime-timer 90
                set update-source "loopback1"
            next
        end
        config network
            edit 1
                set prefix 172.28.1.0 255.255.255.0
            next
            edit 2
                set prefix 172.28.2.0 255.255.255.0
            next
            edit 3
                set prefix 172.25.1.0 255.255.255.0
            next
            edit 4
                set internet-service-name "Botnet-C&C.Server"
            next
        end
        config network6
            edit 1
                set prefix6 2000:172:27:1::/64
            next
        end
    end
  2. List the entries of the internet service by its ID (3080383 in this example):

    # diagnose internet-service id 3080383
    ...
    222.158.197.138-222.158.197.138 country(392) region(65535) city(65535) blocklist(0x1) reputation(1), popularity(1) domain(0) botnet(7630624) proto(6) port(80)
    222.165.194.68-222.165.194.68 country(360) region(65535) city(65535) blocklist(0x1) reputation(1), popularity(1) domain(0) botnet(7630624) proto(6) port(50486)
    222.165.205.154-222.165.205.154 country(360) region(65535) city(65535) blocklist(0x1) reputation(1), popularity(1) domain(0) botnet(7630624) proto(6) port(8089)
    222.173.92.154-222.173.92.154 country(156) region(65535) city(65535) blocklist(0x1) reputation(1), popularity(1) domain(0) botnet(7630624) proto(6) port(32075)
    222.191.243.187-222.191.243.187 country(156) region(65535) city(65535) blocklist(0x1) reputation(1), popularity(1) domain(0) botnet(7630624) proto(6) port(45730)
    222.211.72.29-222.211.72.29 country(156) region(65535) city(65535) blocklist(0x1) reputation(1), popularity(1) domain(0) botnet(7630020) proto(6) port(80)
    222.217.68.17-222.217.68.17 country(156) region(65535) city(65535) blocklist(0x1) reputation(1), popularity(1) domain(0) botnet(7630624) proto(6) port(35165)
    222.252.23.5-222.252.23.5 country(704) region(65535) city(65535) blocklist(0x1) reputation(1), popularity(1) domain(0) botnet(7630624) proto(6) port(8080)
    223.100.166.3-223.100.166.3 country(156) region(65535) city(65535) blocklist(0x1) reputation(1), popularity(1) domain(0) botnet(7630624) proto(6) port(49247)
    223.165.243.209-223.165.243.209 country(410) region(65535) city(65535) blocklist(0x1) reputation(1), popularity(1) domain(0) botnet(7630624) proto(6) port(47205)
  3. On the BGP peer, verify that the addresses in this internet service were learned as BGP routes. Each address should appear as a /32 route via 2.2.2.2:

    # get router info routing-table bgp
    ...
    B       221.194.47.218/32 [200/0] via 2.2.2.2 (recursive via 172.16.200.2, port1), 00:00:15, [1/0]
    B       221.229.204.124/32 [200/0] via 2.2.2.2 (recursive via 172.16.200.2, port1), 00:00:15, [1/0]
    B       222.129.33.141/32 [200/0] via 2.2.2.2 (recursive via 172.16.200.2, port1), 00:00:15, [1/0]
    B       222.129.35.9/32 [200/0] via 2.2.2.2 (recursive via 172.16.200.2, port1), 00:00:15, [1/0]
    B       222.158.197.138/32 [200/0] via 2.2.2.2 (recursive via 172.16.200.2, port1), 00:00:15, [1/0]
    B       222.165.194.68/32 [200/0] via 2.2.2.2 (recursive via 172.16.200.2, port1), 00:00:15, [1/0]
    B       222.165.205.154/32 [200/0] via 2.2.2.2 (recursive via 172.16.200.2, port1), 00:00:15, [1/0]
    B       222.173.92.154/32 [200/0] via 2.2.2.2 (recursive via 172.16.200.2, port1), 00:00:15, [1/0]
    B       222.191.243.187/32 [200/0] via 2.2.2.2 (recursive via 172.16.200.2, port1), 00:00:15, [1/0]
    B       222.211.72.29/32 [200/0] via 2.2.2.2 (recursive via 172.16.200.2, port1), 00:00:15, [1/0]
    B       222.217.68.17/32 [200/0] via 2.2.2.2 (recursive via 172.16.200.2, port1), 00:00:15, [1/0]
    B       222.252.23.5/32 [200/0] via 2.2.2.2 (recursive via 172.16.200.2, port1), 00:00:15, [1/0]
    B       223.100.166.3/32 [200/0] via 2.2.2.2 (recursive via 172.16.200.2, port1), 00:00:15, [1/0]
    B       223.165.243.209/32 [200/0] via 2.2.2.2 (recursive via 172.16.200.2, port1), 00:00:14, [1/0]
