
IP Reputation

Security threats arise from a variety of sources on the internet: botnets, spammers, phishers, and others are all common threats that you want to keep off your network. Manually identifying the suspect client IP addresses from which these threats originate is a complex task that many organizations do not have the resources to tackle. The IP Reputation feature provides you with a vigorously maintained database of IP addresses of compromised and malicious clients, as well as the infrastructure necessary to refuse those clients access to your network. It uses accurate, early, and frequently updated identification so you can block these attackers before they target your servers.

Data about dangerous clients is derived from many sources around the globe. This data is compiled into Fortinet’s IP Reputation Database (IRDB), which consists of the IP addresses of suspect clients. Clients are identified and tagged with poor reputations and included in the IRDB if they have been participating in attacks, willingly or otherwise. Configuring IP Reputation includes the following tasks:

The above tasks are shown graphically in the figure below:

Statistics are also generated that show all blocked IP addresses and the number of packets blocked for each IP address.

IP Reputation

Enabling and Disabling
Downloading the IRDB Database
Blacklisting Categories

Modifying the Database

Besides enabling and disabling IP Reputation processing as a whole (see above), you can also enable and disable IP Reputation for specific IP addresses. This is typically called “blacklisting” and “whitelisting”:

Blacklisting Client IP Addresses
Whitelisting Client IP Addresses
Displaying the Database IPs For Each Category

Viewing Statistics

The CLI stats command returns a list of all IP addresses blocked since the unit was last rebooted, along with a count of the number of packets from each IP address that was blocked. Enter the following to view the statistics:

eqcli > reputation stats 
16 IP addresses have been blocked
2.1.241.256
1.21.85.56
1.21.149.254
1.21.174.96
1.21.184.116
1.21.196.119
1.22.9.216
1.24.17.180
1.24.18.79
1.24.20.49
1.24.29.30
1.24.36.88
1.24.39.1
1.24.39.241
1.24.72.16
1.24.72.230
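
When the output of reputation stats is captured for reporting or fed into other tooling, it helps to validate it first. The following is an added example, not part of the product or its documentation: it assumes the output has exactly the layout shown above (a header line with the count, then one address per line), and the function names and the constructed sample are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the layout shown above: prompt, header, one address per line.
SAMPLE = """\
eqcli > reputation stats
4 IP addresses have been blocked
2.1.241.256
1.21.85.56
1.24.39.1
1.24.39.241
"""

HEADER = re.compile(r"^(\d+) IP addresses have been blocked$")

def parse_reputation_stats(text):
    """Return (reported_count, valid_addresses, rejected_lines)."""
    reported, valid, rejected = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("eqcli"):
            continue  # skip blank lines and the echoed prompt
        match = HEADER.match(line)
        if match:
            reported = int(match.group(1))
            continue
        try:
            valid.append(ipaddress.IPv4Address(line))
        except ipaddress.AddressValueError:
            rejected.append(line)  # keep for review instead of dropping silently
    return reported, valid, rejected

def summarize(text, prefix=24):
    """Check the header count against the listed entries and group by network."""
    reported, valid, rejected = parse_reputation_stats(text)
    listed = len(valid) + len(rejected)
    per_network = Counter(
        str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False)) for ip in valid
    )
    return {
        "reported": reported,
        "listed": listed,
        "count_matches": reported == listed,  # False suggests truncated capture
        "rejected": rejected,
        "per_network": dict(per_network),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A count mismatch usually means the capture was cut off, and any rejected entry should be reviewed before the list is passed to another system.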

To view statistics using the GUI, within the System configuration tab, select IP Reputation > Statistics. A Statistics screen such as the following will be displayed, indicating the IP addresses that were blocked or passed and the Number of Packets associated with each IP Address.
