Handbook

ISDB and IRDB in firewall policies

6.0.0

ISDB and IRDB in firewall policies

The Internet Service Database (ISDB) and the IP Reputation Database (IRDB) provide similar functionality, so for ease of use they appear together in the GUI.

Use the contents of either database, or both, as criteria for inclusion or exclusion in a firewall policy.

Defining ISDB or IRDB objects as parameters within a policy is done in the CLI.

CLI Syntax

config firewall policy
    edit <ID #>
        set internet-service-src {enable|disable}
        set internet-service-src-id <ID #>
        set internet-service-src-custom <name>
        set internet-service-src-negate {enable|disable}
end

CLI options

internet-service-src
    Enables or disables the use of Internet Services source for this policy. If enabled, destination address and service are not used.

internet-service-src-id
    Internet Service ID. Examples:
      • 65536 Google-Others
      • 65537 Google-Web

internet-service-src-custom
    Custom Internet Service name. This custom name must already be configured.

internet-service-src-negate
    Enables or disables the use of Internet Services in source for this policy. If enabled, internet-service-src specifies what the service must NOT be.

Note: Similar settings are also used in Traffic Shaping policies.
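
An added example (not Fortinet code): a Python sketch that parses a config firewall policy block from a configuration backup and lists the accept policies whose Internet Service source match is negated, because those match every source that is not the listed service. The sample configuration, the custom name "partner feeds" and the function names are constructed for illustration; the "set action accept" line and the edit/next layout are assumed from standard FortiOS configuration files.

```python
import shlex

# Constructed sample in the layout of a FortiOS configuration backup (not from a real device).
SAMPLE = """\
config firewall policy
    edit 1
        set action accept
        set internet-service-src enable
        set internet-service-src-id 65537
    next
    edit 2
        set action accept
        set internet-service-src enable
        set internet-service-src-custom "partner feeds"
        set internet-service-src-negate enable
    next
    edit 3
        set srcaddr "all"
        set action accept
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {option: [values]}} for the 'config firewall policy' block."""
    policies, current, in_block = {}, None, False
    for raw in text.splitlines():
        tokens = shlex.split(raw)  # shlex keeps quoted names with spaces together
        if tokens == ["config", "firewall", "policy"]:
            in_block = True
        elif not in_block or not tokens:
            continue
        elif tokens[0] == "end":
            in_block = False
        elif tokens[0] == "edit" and len(tokens) == 2:
            current = policies.setdefault(int(tokens[1]), {})
        elif tokens[0] == "next":
            current = None
        elif tokens[0] == "set" and current is not None and len(tokens) >= 2:
            current[tokens[1]] = tokens[2:]
    return policies

def negated_accept_policies(policies):
    """IDs of accept policies whose Internet Service source match is negated."""
    return [pid for pid, o in sorted(policies.items())
            if o.get("internet-service-src") == ["enable"]
            and o.get("internet-service-src-negate") == ["enable"]
            and o.get("action") == ["accept"]]

if __name__ == "__main__":
    for pid in negated_accept_policies(parse_policies(SAMPLE)):
        print(f"policy {pid}: accepts every source that is NOT the listed Internet Service")
```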
