Administration Guide

IP reputation filtering

There are currently five reputation levels in the Internet Service Database (ISDB), and custom reputation levels can be defined in a custom internet service. You can configure firewall policies to filter traffic according to the desired reputation level. If the reputation level of the source or destination IP address (whichever the policy's reputation direction selects) is equal to or greater than the level set in the policy, the packet is forwarded; otherwise it is dropped.

The five default reputation levels are:

1: Known malicious sites, such as phishing sites or sites related to botnet servers

2: High-risk service sites, such as TOR, proxy, and P2P

3: Unverified sites

4: Reputable social media sites, such as Facebook and Twitter

5: Known and verified safe sites, such as Gmail, Amazon, and eBay

The default minimum reputation level in a policy is zero, meaning that the reputation filter is disabled.

For IP addresses that are not included in the ISDB, the default reputation level is three.

The default reputation direction is destination.

Example 1

Packets from the source IP address with reputation levels three, four, or five will be forwarded by this policy.

To set the reputation level and direction in a policy using the CLI:

    config firewall policy
        edit 1
            set srcintf "wan2"
            set dstintf "port1"
            set srcaddr "all"
            set dstaddr "all"
            set reputation-minimum 3
            set reputation-direction source
            set action accept
            set schedule "always"
            set service "ALL"
            set logtraffic all
            set auto-asic-offload disable
            set nat enable
        next
    end

Example 2

This policy allows outbound FTP traffic only if the destination server has a reputation level of 4 or higher.

To set the reputation level and direction in a policy using the CLI:

    config firewall policy
        edit 1
            set srcintf "port1"
            set dstintf "wan2"
            set srcaddr "all"
            set dstaddr "all"
            set reputation-minimum 4
            set reputation-direction destination
            set action accept
            set schedule "always"
            set service "FTP"
            set logtraffic all
            set auto-asic-offload disable
            set nat enable
        next
    end
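The following is an added example, not FortiOS code or anything from the Fortinet guide: it models the accept/drop decision described above (reputation-minimum, reputation-direction, the level-three default for addresses missing from the ISDB, and zero disabling the filter) and evaluates policies equivalent to Example 1 and Example 2 over a handful of constructed flows. The ISDB table, the service-to-port map, and the flows are all constructed for the example.

```python
"""Model of the FortiGate IP reputation filter described on this page.

Added example, not FortiOS code: it simulates the accept/drop decision a
firewall policy makes from reputation-minimum and reputation-direction so
the documented defaults can be checked offline. The ISDB table, the
service map and the flows below are all constructed.
"""
from dataclasses import dataclass

# Constructed stand-in for the ISDB, keyed by single IP for brevity.
# Values follow the five default reputation levels listed on the page.
ISDB_REPUTATION = {
    "203.0.113.10": 1,  # known malicious (phishing, botnet server)
    "203.0.113.20": 2,  # high-risk service (TOR, proxy, P2P)
    "203.0.113.30": 3,  # unverified
    "203.0.113.40": 4,  # reputable social media
    "203.0.113.50": 5,  # known and verified safe
}

# Page: an address that is not in the ISDB is treated as level three.
UNKNOWN_REPUTATION = 3

# Constructed service map: None stands for the policy service "ALL".
SERVICE_PORTS = {"ALL": None, "FTP": {("tcp", 21)}}


def reputation_of(ip: str) -> int:
    """Look up the reputation level of an IP, applying the ISDB default."""
    return ISDB_REPUTATION.get(ip, UNKNOWN_REPUTATION)


@dataclass(frozen=True)
class ReputationPolicy:
    """The policy settings that matter for reputation filtering."""
    service: str = "ALL"
    reputation_minimum: int = 0                 # page: 0 disables the filter
    reputation_direction: str = "destination"   # page: default direction

    def __post_init__(self) -> None:
        if self.reputation_direction not in ("source", "destination"):
            raise ValueError("reputation-direction must be source or destination")
        if self.reputation_minimum < 0:
            raise ValueError("reputation-minimum must not be negative")
        if self.service not in SERVICE_PORTS:
            raise ValueError(f"unknown service {self.service!r} (constructed map)")

    def permits(self, src_ip: str, dst_ip: str, proto: str, dport: int) -> bool:
        """Return True if the policy forwards the flow, False if it drops it."""
        allowed = SERVICE_PORTS[self.service]
        if allowed is not None and (proto, dport) not in allowed:
            return False  # service mismatch: the policy does not apply
        if self.reputation_minimum == 0:
            return True   # filter disabled: reputation is not consulted
        checked = src_ip if self.reputation_direction == "source" else dst_ip
        return reputation_of(checked) >= self.reputation_minimum


# Policies mirroring Example 1 and Example 2 on the page.
EXAMPLE_1 = ReputationPolicy(service="ALL", reputation_minimum=3,
                             reputation_direction="source")
EXAMPLE_2 = ReputationPolicy(service="FTP", reputation_minimum=4,
                             reputation_direction="destination")
DISABLED = ReputationPolicy()  # all defaults: minimum 0, direction destination


def decide(policy: ReputationPolicy, flows):
    """Evaluate (src, dst, proto, dport) tuples; return 'accept'/'drop' per flow."""
    return ["accept" if policy.permits(*f) else "drop" for f in flows]


# Constructed flows exercising the edge cases: a malicious source, an
# address missing from the ISDB (defaults to 3), verified-safe endpoints,
# and a non-FTP service that Example 2 must not match.
FLOWS = [
    ("203.0.113.10", "203.0.113.50", "tcp", 21),   # malicious src -> safe dst, FTP
    ("198.51.100.7", "203.0.113.30", "tcp", 21),   # unknown src -> unverified dst, FTP
    ("203.0.113.50", "198.51.100.7", "tcp", 21),   # safe src -> unknown dst, FTP
    ("203.0.113.30", "203.0.113.40", "tcp", 21),   # unverified src -> social dst, FTP
    ("203.0.113.50", "203.0.113.50", "tcp", 443),  # safe both ends, HTTPS not FTP
]

if __name__ == "__main__":
    for name, pol in (("Example 1", EXAMPLE_1), ("Example 2", EXAMPLE_2),
                      ("Disabled", DISABLED)):
        print(name, decide(pol, FLOWS))
```

Two results are worth noticing. With the Example 2 policy, the first flow is accepted even though its source is level 1, because reputation-direction destination consults only the destination address; if both ends need to be vetted, the source side must be covered by a separate policy or an address object. And any address that is not in the ISDB scores 3, so it passes a minimum of 3 but fails a minimum of 4.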
