Managing IP reputation policy settings
The FortiGuard IP Reputation service provides a regularly updated data set that identifies compromised and malicious clients.
The IP reputation configuration allows you to specify the action the system takes when it receives traffic from a client with an IP address on the list. Table 39 lists limitations for IP reputation actions.
Table 39: IP reputation actions

| Action | Address Type | Profile Limitations |
|---|---|---|
| Pass | IPv4 only | Not supported for RADIUS. |
| Deny | IPv4 only | Not supported for RADIUS. |
| Redirect | IPv4 only | Not supported for RADIUS, FTP, TCP, UDP. |
| Send 403 Forbidden | IPv4 only | Not supported for RADIUS, FTP, TCP, UDP. |

Note: IP reputation is also not supported for Layer 4 virtual servers when the Packet Forwarding Mode is Direct Routing.
Basic Steps
1. Configure the connection to the FortiGuard IP Reputation Service. See “Configuring FortiGuard service settings”.
2. Optionally, customize the action the system takes when it encounters a request from a source IP that matches the list, and add exceptions. If a source IP appears on the exceptions list, the system does not look it up on the IP reputation list. See below.
3. Enable IP reputation in the profiles you associate with virtual servers. See “Configuring profiles”.
Before you begin:
You must have Read-Write permission for Firewall settings.
To customize IP reputation policy rules:
1. Go to Security > Reputation.
2. Click the edit icon, customize the configuration, and add exceptions as described in Table 40.
3. Save the configuration.
Table 40: IP reputation policy configuration

| Settings | Guidelines |
|---|---|
| Status | Use the option box to enable or disable the category. |
| Action | Pass; Deny; Redirect; Send 403 Forbidden. Note: L4 Load Balance and TCPS virtual servers do not support Redirect or Send 403 Forbidden. If you apply an IP reputation configuration that uses these options to an L4 Load Balance or TCPS virtual server, FortiADC denies matching clients but logs the action as Redirect or Send 403 Forbidden. |
| Severity | The severity to apply to the event. Severity is useful when you filter and sort logs: Low, Medium, High. |
| Log | Use the option box to enable or disable logging. |

IP Reputation Exception

| Settings | Guidelines |
|---|---|
| IP Reputation Exception | Click Add to add exceptions to the rule, that is, traffic that should not be processed by the IP reputation module. |
| Status | Enable or disable the exception. You might have occasion to toggle the exception off and on. |
| IP Address | Specify the IP address that should not be processed by the IP reputation module. |
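
The following Python audit is an added example, not Fortinet code or FortiADC configuration syntax. It checks an inventory against the limits in Table 39, the Direct Routing note, and the Table 40 note about L4 Load Balance and TCPS virtual servers, where the logged action differs from the enforced one. The field names, category names, and inventory are constructed, and the inventory is assumed to list only virtual servers whose profile has IP reputation enabled.

```python
# Added example: field names and sample values are hypothetical, not FortiADC syntax.
# Assumes every listed virtual server uses a profile with IP reputation enabled.
RESPONSE_ACTIONS = {"Redirect", "Send 403 Forbidden"}
NO_RESPONSE_PROFILES = {"FTP", "TCP", "UDP"}       # Table 39 limitations
DENY_INSTEAD_TYPES = {"L4 Load Balance", "TCPS"}   # Table 40 note

def audit(categories, virtual_servers):
    """Return sorted (virtual server, category, finding) tuples."""
    findings = []
    for vs in virtual_servers:
        if vs["profile"] == "RADIUS":
            findings.append((vs["name"], "*", "unsupported: RADIUS profile"))
            continue
        if vs["type"] == "L4 Load Balance" and vs.get("forwarding") == "Direct Routing":
            findings.append((vs["name"], "*", "unsupported: Direct Routing"))
            continue
        for cat in categories:
            # Disabled categories and Pass/Deny actions have no further limits.
            if not cat["status"] or cat["action"] not in RESPONSE_ACTIONS:
                continue
            if vs["type"] in DENY_INSTEAD_TYPES:
                findings.append((vs["name"], cat["name"],
                                 f"enforced Deny, logged as {cat['action']}"))
            elif vs["profile"] in NO_RESPONSE_PROFILES:
                findings.append((vs["name"], cat["name"],
                                 f"unsupported: {cat['action']} on {vs['profile']}"))
    return sorted(findings)

def enforced_action(logged_action, vs_type):
    """Map the action written to the log to what the client actually received."""
    if logged_action in RESPONSE_ACTIONS and vs_type in DENY_INSTEAD_TYPES:
        return "Deny"
    return logged_action

# Constructed sample data.
CATEGORIES = [
    {"name": "category-a", "status": True, "action": "Redirect"},
    {"name": "category-b", "status": True, "action": "Deny"},
    {"name": "category-c", "status": False, "action": "Send 403 Forbidden"},
]
SERVERS = [
    {"name": "vs-web", "type": "L7 Load Balance", "profile": "HTTP"},
    {"name": "vs-l4", "type": "L4 Load Balance", "profile": "TCP"},
    {"name": "vs-dr", "type": "L4 Load Balance", "profile": "UDP", "forwarding": "Direct Routing"},
    {"name": "vs-auth", "type": "L7 Load Balance", "profile": "RADIUS"},
]

if __name__ == "__main__":
    for finding in audit(CATEGORIES, SERVERS):
        print(*finding, sep=" | ")
```

When filtering logs by action, apply `enforced_action` to events from L4 Load Balance and TCPS virtual servers so that denied clients are not counted as redirected.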