FortiGuard Botnet protection
FortiGuard Botnet protection prevents botnets from controlling your system by detecting and blocking connection attempts to known botnets. This feature also blocks connections to known phishing sites. The FortiGuard database is continually updated with the addresses of known Command and Control (C&C) sites that botnet clients attempt to connect to, as well as the addresses of known phishing URLs.
To enable botnet and phishing protection in a DNS Filter profile, enable Block DNS requests to known botnet C&C.
The latest botnet database is available from FortiGuard. To see the version of the database and display its contents, go to System > FortiGuard > Botnet Definitions. You can also block, monitor, or allow outgoing connections to botnet sites for each FortiGate interface.
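The same two settings expressed in the CLI, as an added example that is not part of the original page. It assumes FortiOS 5.4 CLI syntax; the profile name `dns-botnet-block` and the interface name `wan1` are placeholders.

```text
# Added example. "dns-botnet-block" and "wan1" are placeholder names.

# DNS Filter profile: block DNS requests to known botnet C&C.
config dnsfilter profile
    edit "dns-botnet-block"
        set block-botnet enable
    next
end

# Per-interface handling of outgoing connections to botnet sites.
# Use "monitor" instead of "block" to log matches without dropping them;
# confirm the options on your build with "set scan-botnet-connections ?".
config system interface
    edit "wan1"
        set scan-botnet-connections block
    next
end
```

The DNS Filter profile has no effect until it is applied to a firewall policy that carries the DNS traffic you want inspected.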
Both the DNS Filter security profile and Botnet protection feature are only available for proxy-based inspection in FortiOS versions 5.4.0 and 5.4.1.
These features are available for both proxy-based and flow-based inspection in FortiOS versions 5.4.2 and above.
Improved Visibility of Botnet and Command & Control (C&C) protection in FortiOS 5.4.1
Mobile & Botnet C&C license information is now displayed in the License Information widget in the Dashboard. Additionally, you can view the list of Botnet C&C packages in the IP Reputation Database (IRDB) and the Botnet Domain Database (BDDB) from the License Information widget.
A button has been added to the DNS filter page in the GUI that lets you block DNS requests to botnet C&C addresses known to FortiGuard. When you enable this feature, you can open a definitions window by clicking on "botnet package."
Access to the IRDB is available to users through FortiCare support contracts purchased or renewed before October 1, 2016. After that date, users will have to subscribe to the IRDB either through the FortiGuard Mobility Security Service (FMSS) or the FortiGuard Enterprise Bundle.