Fortinet Document Library

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

CLI Reference

config load-balance reputation

Use this command to configure IP reputation policies.

The FortiGuard IP Reputation service provides a regularly updated data set that identifies compromised and malicious clients.

The IP reputation configuration allows you to specify the action the system takes when it receives traffic from a client with an IP address on the list. Table 13 lists limitations for IP reputation actions.

IP reputation actions

Action   Profile Limitations

Pass

IPv4 only

Not supported for RADIUS.

Deny

IPv4 only

Not supported for RADIUS.

Redirect

IPv4 only

Not supported for RADIUS, FTP, TCP, UDP.

Send 403 Forbidden

IPv4 only

Not supported for RADIUS, FTP, TCP, UDP.

Note: IP reputation is also not supported for Layer 4 virtual servers when the Packet Forwarding Mode is Direct Routing.

Basic Steps
  1. Configure the connection to the FortiGuard IP Reputation Service.
  2. Optionally, customize the actions you want to take when the system encounters a request from an IP source that matches the list; and add exceptions. If a source IP appears on the exceptions list, the system does not look it up on the IP reputation list. See below.
  3. Enable IP reputation in the profiles you associate with virtual servers.

Before you begin:

  • You must have read-write permission for load balancing settings.

Syntax

config load-balance reputation

edit <No.>

set action {deny | pass | redirect | send-403-forbidden}

set category <string>

set log {enable|disable}

set severity {high | low | medium}

set status {enable|disable}

next

end

action

  • Pass
  • Deny
  • Redirect
  • Send 403 Forbidden

Note: Layer 4 and TCPS virtual servers do not support Redirect or Send 403 Forbidden. If you apply an IP reputation configuration that uses these options to a Layer 4 or TCPS virtual server, FortiADC logs the action as Redirect or Send 403 Forbidden, but in fact denies the traffic.

category

Specify a FortiGuard IP Reputation category:

  • Botnet
  • Anonymous Proxy
  • Phishing
  • Spam
  • Black List
  • Others

log

Enable/disable logging.

severity

The severity to apply to the event. Severity is useful when you filter and sort logs:

  • Low
  • Medium
  • High

status

Enable/disable the category.

Example

FortiADC-VM # get load-balance reputation

== [ 1 ]

== [ 2 ]

== [ 3 ]

== [ 4 ]

== [ 5 ]

== [ 6 ]

 

FortiADC-VM # get load-balance reputation 1

category : Botnet

status : enable

action : pass

severity : low

log : disable

 

FortiADC-VM # get load-balance reputation 2

category : "Anonymous Proxy"

status : enable

action : pass

severity : low

log : disable

 

FortiADC-VM # get load-balance reputation 3

category : Phishing

status : enable

action : pass

severity : low

log : disable

 

FortiADC-VM # get load-balance reputation 4

category : Spam

status : enable

action : pass

severity : low

log : disable

 

FortiADC-VM # get load-balance reputation 5

category : Others

status : enable

action : pass

severity : low

log : disable

 

FortiADC-VM # get load-balance reputation 6

category : "Black List"

status : enable

action : deny

severity : low

log : disable

 

config load-balance reputation

Use this command to configure IP reputation policies.

The FortiGuard IP Reputation service provides a regularly updated data set that identifies compromised and malicious clients.

The IP reputation configuration allows you to specify the action the system takes when it receives traffic from a client with an IP address on the list. Table 13 lists limitations for IP reputation actions.

IP reputation actions

Action   Profile Limitations

Pass

IPv4 only

Not supported for RADIUS.

Deny

IPv4 only

Not supported for RADIUS.

Redirect

IPv4 only

Not supported for RADIUS, FTP, TCP, UDP.

Send 403 Forbidden

IPv4 only

Not supported for RADIUS, FTP, TCP, UDP.

Note: IP reputation is also not supported for Layer 4 virtual servers when the Packet Forwarding Mode is Direct Routing.

Basic Steps
  1. Configure the connection to the FortiGuard IP Reputation Service.
  2. Optionally, customize the actions you want to take when the system encounters a request from an IP source that matches the list; and add exceptions. If a source IP appears on the exceptions list, the system does not look it up on the IP reputation list. See below.
  3. Enable IP reputation in the profiles you associate with virtual servers.

Before you begin:

  • You must have read-write permission for load balancing settings.

Syntax

config load-balance reputation

edit <No.>

set action {deny | pass | redirect | send-403-forbidden}

set category <string>

set log {enable|disable}

set severity {high | low | medium}

set status {enable|disable}

next

end

action

  • Pass
  • Deny
  • Redirect
  • Send 403 Forbidden

Note: Layer 4 and TCPS virtual servers do not support Redirect or Send 403 Forbidden. If you apply an IP reputation configuration that uses these options to a Layer 4 or TCPS virtual server, FortiADC logs the action as Redirect or Send 403 Forbidden, but in fact denies the traffic.

category

Specify a FortiGuard IP Reputation category:

  • Botnet
  • Anonymous Proxy
  • Phishing
  • Spam
  • Black List
  • Others

log

Enable/disable logging.

severity

The severity to apply to the event. Severity is useful when you filter and sort logs:

  • Low
  • Medium
  • High

status

Enable/disable the category.

Example

FortiADC-VM # get load-balance reputation

== [ 1 ]

== [ 2 ]

== [ 3 ]

== [ 4 ]

== [ 5 ]

== [ 6 ]

 

FortiADC-VM # get load-balance reputation 1

category : Botnet

status : enable

action : pass

severity : low

log : disable

 

FortiADC-VM # get load-balance reputation 2

category : "Anonymous Proxy"

status : enable

action : pass

severity : low

log : disable

 

FortiADC-VM # get load-balance reputation 3

category : Phishing

status : enable

action : pass

severity : low

log : disable

 

FortiADC-VM # get load-balance reputation 4

category : Spam

status : enable

action : pass

severity : low

log : disable

 

FortiADC-VM # get load-balance reputation 5

category : Others

status : enable

action : pass

severity : low

log : disable

 

FortiADC-VM # get load-balance reputation 6

category : "Black List"

status : enable

action : deny

severity : low

log : disable