config load-balance reputation
Use this command to configure IP reputation policies.
The FortiGuard IP Reputation service provides a regularly updated data set that identifies compromised and malicious clients.
The IP reputation configuration allows you to specify the action the system takes when it receives traffic from a client with an IP address on the list. Table 12 lists limitations for IP reputation actions.
Table 12: IP reputation actions

Action               Address Type   Profile Limitations
Pass                 IPv4 only      Not supported for RADIUS.
Deny                 IPv4 only      Not supported for RADIUS.
Redirect             IPv4 only      Not supported for RADIUS, FTP, TCP, UDP.
Send 403 Forbidden   IPv4 only      Not supported for RADIUS, FTP, TCP, UDP.

Note: IP reputation is also not supported for Layer 4 virtual servers when the Packet Forwarding Mode is Direct Routing.
Basic Steps
1. Configure the connection to the FortiGuard IP Reputation Service.
2. Optionally, customize the action the system takes when it encounters a request from a source IP that matches the list, and add exceptions. If a source IP appears on the exceptions list, the system does not look it up on the IP reputation list. See below.
3. Enable IP reputation in the profiles you associate with virtual servers.
Before you begin:
You must have read-write permission for load balancing settings.
Syntax
config load-balance reputation
  edit <No.>
    set action {deny | pass | redirect | send-403-forbidden}
    set category <string>
    set log {enable|disable}
    set severity {high | low | medium}
    set status {enable|disable}
  next
end
action
    Pass
    Deny
    Redirect
    Send 403 Forbidden
    Note: Layer 4 and TCPS virtual servers do not support Redirect or Send 403 Forbidden. If you apply an IP reputation configuration that uses these options to a Layer 4 or TCPS virtual server, FortiADC logs the action as Redirect or Send 403 Forbidden, but in fact denies the traffic.
category
    Specify a FortiGuard IP Reputation category:
    Botnet
    Anonymous Proxy
    Phishing
    Spam
    Others
log
    Enable/disable logging.
severity
    The severity to apply to the event. Severity is useful when you filter and sort logs:
    Low
    Medium
    High
status
    Enable/disable the category.
Example
FortiADC-VM # get load-balance reputation
== [ 1 ]
== [ 2 ]
== [ 3 ]
== [ 4 ]
== [ 5 ]
 
FortiADC-VM # get load-balance reputation 1
category : Botnet
status : enable
action : pass
severity : low
log : disable
 
FortiADC-VM # get load-balance reputation 2
category : "Anonymous Proxy"
status : enable
action : pass
severity : low
log : disable
 
FortiADC-VM # get load-balance reputation 3
category : Phishing
status : enable
action : pass
severity : low
log : disable
 
FortiADC-VM # get load-balance reputation 4
category : Spam
status : enable
action : pass
severity : low
log : disable
 
FortiADC-VM # get load-balance reputation 5
category : Others
status : enable
action : pass
severity : low
log : disable
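
The following Python audit is an added example, not part of the FortiADC documentation. It parses saved "get load-balance reputation <No.>" output in the format shown above and flags entries whose matches are passed without logging, plus entries whose logged action differs from the enforced one on Layer 4 or TCPS virtual servers. The function names, the l4_or_tcps flag and the sample text are hypothetical, and it assumes the action field is displayed using the CLI values from the Syntax section.

```python
import re

# Constructed sample: saved CLI output in the format shown in the example above.
SAMPLE = """\
FortiADC-VM # get load-balance reputation 1
category : Botnet
status : enable
action : pass
severity : low
log : disable

FortiADC-VM # get load-balance reputation 2
category : "Anonymous Proxy"
status : enable
action : redirect
severity : high
log : enable
"""

PROMPT = re.compile(r"#\s*get load-balance reputation\s+(\d+)\s*$")
# Per the note above, Layer 4 and TCPS virtual servers deny these in practice.
DOWNGRADED = {"redirect", "send-403-forbidden"}  # assumed display values

def parse_entries(text):
    """Return {entry number: {field: value}} from saved 'get' output."""
    entries, current = {}, None
    for line in text.splitlines():
        m = PROMPT.search(line)
        if m:
            current = entries.setdefault(int(m.group(1)), {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip().strip('"')
    return entries

def audit(entries, l4_or_tcps=False):
    """Return (entry number, category, finding) tuples."""
    findings = []
    for num, e in sorted(entries.items()):
        if e.get("status") != "enable":
            findings.append((num, e.get("category"), "category disabled"))
        elif e.get("action") == "pass" and e.get("log") != "enable":
            findings.append((num, e.get("category"), "matches pass unlogged"))
        elif l4_or_tcps and e.get("action") in DOWNGRADED:
            findings.append((num, e.get("category"), "logged as %s, traffic denied" % e["action"]))
    return findings

if __name__ == "__main__":
    print(audit(parse_entries(SAMPLE), l4_or_tcps=True))
```

Pass l4_or_tcps=True when the reputation configuration is applied to a Layer 4 or TCPS virtual server, so that log entries showing Redirect or Send 403 Forbidden are read as denials.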