Managing IP Reputation policy settings
The FortiGuard IP Reputation service provides a database of known compromised or malicious client IP addresses. The database is updated periodically.
The IP Reputation configuration allows you to specify the action the system takes when an SLB virtual server receives traffic from a client with an IP address on the list.
Table 48 lists limitations for IP Reputation actions.
Table 48: IP Reputation actions
Action | Address Type | Profile Limitations |
Pass | IPv4 only | Not supported for RADIUS. |
Deny | IPv4 only | Not supported for RADIUS. |
Redirect | IPv4 only | Not supported for RADIUS, FTP, TCP, UDP. |
Send 403 Forbidden | IPv4 only | Not supported for RADIUS, FTP, TCP, UDP. |
Note: IP Reputation is also not supported for Layer 4 virtual servers when the Packet Forwarding Mode is Direct Routing.
Basic Steps
2. Optionally, customize the actions you want to take when the system encounters a request from a source IP address that matches the list; and add exceptions. If a source IP address appears on the exceptions list, the system does not look it up on the IP Reputation list. See below.
Before you begin:
• You must have Read-Write permission for Firewall settings.
To customize IP Reputation policy rules:
1. Go to Security > Reputation.
2. Click the IP Reputation tab to manage IP Reputation response settings and the IP Reputation Exception tab to add exceptions.
3. Customize the configuration and add exceptions as described in
Table 49.
4. Save the configuration.
Table 49: IP Reputation policy configuration
Settings | Guidelines |
Status | Use the option box to enable or disable the category. |
Action | • Pass • Deny • Redirect • Send 403 Forbidden Note: Layer 4 and TCPS virtual servers do not support Redirect or Send 403 Forbidden. If you apply an IP Reputation configuration that uses these options to a Layer 4 or TCPS virtual server, FortiADC logs the action as Redirect or Send 403 Forbidden but in fact denies the traffic. |
Severity | The severity to apply to the event. Severity is useful when you filter and sort logs: • Low • Medium • High |
Log | Use the option box to enable or disable logging. |
IP Reputation Exception |
IP Reputation Exception | Click Add to add exceptions to the rule—traffic that should not be processed by the IP Reputation module. |
Status | Enable or disable the exception. You might have occasion to toggle the exception off and on. |
IP Address | Specify the IP address that should not be processed by the IP Reputation module. |