Blacklisting source IPs with poor reputation
You can configure FortiADC to use the FortiGuard IP Reputation Service. This service provides accurate, early, and frequently updated identification of compromised and malicious clients so you can block attackers before they target your servers.
IP reputation knowledge is regularly updated if you have subscribed and connected your FortiADC to the FortiGuard IP Reputation service (see “Connecting to FortiGuard services”). New options appear periodically. You can monitor the FortiGuard web site feed for security advisories which can alert you to new IP reputation-related options.
The IP reputation feature is not available for Radius virtual servers (specified in the server’s profile configuration).
The IP reputation configuration allows you to specify the action FortiADC takes when it detects a disreputable client: Pass, Deny, Redirect, or Send 403 Forbidden.
L4 Load Balance and TCPS virtual servers do not support Redirect or Send 403 Forbidden. If you apply an IP reputation configuration that uses these options to an L4 Load Balance or TCPS virtual server, FortiADC denies disreputable clients but logs the action as Redirect or Send 403 Forbidden, so for these virtual servers the logged action does not match the action that was enforced.
To configure the policy
1. If you need to exempt some clients’ public IP addresses due to possible false positives, configure IP reputation exemptions first. Go to Server Load Balance > IP Reputation > Exceptions.
2. Go to Server Load Balance > IP Reputation > Policy.
By default, all categories of disreputable clients are enabled.
3. To edit the status or other parameters for an IP reputation category, double-click the item.
4. Specify the following:
Whether the category is enabled.
The action FortiADC takes if it detects a disreputable client of the selected category.
If you select Redirect, when you add the IP Reputation option to a profile, specify a URL that FortiADC redirects disreputable clients to (see step 7).
The severity level that is reported in the log message that FortiADC generates when it detects this type of disreputable client, if the Log option is enabled.
Whether FortiADC generates a log message when it detects this type of disreputable client.
5. Click Save.
6. To apply your IP reputation policy, enable IP Reputation in the profile for the appropriate virtual server.
7. If required, for IP Reputation Redirect URL, specify a URL that FortiADC redirects disreputable clients to.
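The following is an added example, not FortiADC code or output: a small audit that applies the rules described above (the L4 Load Balance/TCPS deny-and-log behavior, the Radius limitation, and the redirect URL from steps 4 and 7) to an inventory of virtual servers. The record layout, the category names, the "HTTP" type label, and the virtual server names are assumptions constructed for illustration.

```python
# Added example: audit a constructed inventory against the rules on this page.
# Action and type names below are the ones the page uses; everything else is hypothetical.
L7_ONLY_ACTIONS = {"Redirect", "Send 403 Forbidden"}
DENY_ONLY_TYPES = {"L4 Load Balance", "TCPS"}


def effective_action(vs_type, action):
    """Return (enforced, logged) for a category action on a virtual server type."""
    if vs_type in DENY_ONLY_TYPES and action in L7_ONLY_ACTIONS:
        return "Deny", action  # client is denied, log still shows the configured action
    return action, action


def audit(policy, virtual_servers):
    """Return a list of (virtual_server, category, finding) tuples."""
    findings = []
    for vs in virtual_servers:
        if not vs["ip_reputation"]:
            continue  # IP Reputation is not enabled in this server's profile
        if vs["type"] == "Radius":
            findings.append((vs["name"], None, "IP reputation not available for Radius"))
            continue
        for category, rule in policy.items():
            if not rule["enabled"]:
                continue
            enforced, logged = effective_action(vs["type"], rule["action"])
            if enforced != logged:
                findings.append((vs["name"], category, f"enforced {enforced}, logged as {logged}"))
            elif enforced == "Redirect" and not vs.get("redirect_url"):
                findings.append((vs["name"], category, "Redirect selected but no redirect URL"))
    return findings


# Constructed sample data (not exported from a real device).
POLICY = {
    "category-a": {"enabled": True, "action": "Redirect"},
    "category-b": {"enabled": True, "action": "Deny"},
    "category-c": {"enabled": False, "action": "Send 403 Forbidden"},
}
VIRTUAL_SERVERS = [
    {"name": "vs-web", "type": "HTTP", "ip_reputation": True, "redirect_url": ""},
    {"name": "vs-tcps", "type": "TCPS", "ip_reputation": True, "redirect_url": ""},
    {"name": "vs-l4", "type": "L4 Load Balance", "ip_reputation": False},
    {"name": "vs-radius", "type": "Radius", "ip_reputation": True},
]

if __name__ == "__main__":
    for finding in audit(POLICY, VIRTUAL_SERVERS):
        print(finding)
```

When reviewing logs for L4 Load Balance or TCPS virtual servers, treat a logged Redirect or Send 403 Forbidden as a deny, as the "enforced Deny" findings indicate.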