Global Settings : Configuring IP reputation settings
 
Configuring IP reputation settings
The FortiGuard IP Reputation Service is a licensed subscription service that maintains data on IP addresses and network IP ranges that pose a threat to your network. After you purchase IP Reputation, you register the FortiDDoS appliance serial number. Then, you can download the IP reputation list or schedule updates.
After you have enabled the feature, the FortiDDoS system downloads the most recent definitions file and then maintains updates for it according to the schedule you configure. To use over-the-wire updates, the management port must be able to access the Internet. Alternatively, you can obtain the IP reputation definitions file and upload it using the system dashboard License Information portlet.
The License Information portlet displays the status of the most recent update. If the download is successful and new definitions are available, the lists are replaced; otherwise, the previous list remains in use.
You can configure how the FortiDDoS system receives scheduled updates.
Information about packets denied by Local Address Anti-spoofing rules is reported in the following graphs and reports:
Graphs (Monitor > ACL Drops > Layer 3, Monitor > Layer 3 > Address Denied)
Executive Summary dashboard (Log & Report > Report Browse > Executive Summary)
Reports (Log & Report > Report Configuration > Report Configuration)
Before you begin:
You must have Read-Write permission for Global Settings.
To configure IP reputation settings:
1. Go to Global Settings > IP reputation > IP reputation.
2. Click Add to display the configuration editor.
3. Complete the configuration as described in Table 17.
4. Save the configuration.
Table 17: IP reputation configuration
Settings
Guidelines
Status
Enable—Enable scheduled updates.
Disable—Disable scheduled updates.
Override server IP
Enable—Enable to specify the override server IP address.
Disable—To not use an override server address.
Schedule type
Every—Schedule periodic updates. Specify the time to perform the update.
Daily—Schedule daily updates. Specify the time of day to perform the update.
Weekly—Schedule weekly updates. Specify the day and time to perform the update.
Category
Select an IP reputation subscription category. If you use IP reputation, we recommend you select ddos reputation data.
You can select from the following choices:
phishing
ddos
anonymous proxy
spam
others
Tunneling
Enable to use a web proxy server IP address.
Tunneling IP address
Web proxy server IP address.
Port
Port for the web proxy server.
Username
Administrator username for the web proxy server.
Password
Password for the web proxy server.
 
 
To configure with the CLI, use a command sequence similar to the following:
config ddos global ip-reputation
set ip-reputation-status {enable | disable}
set override-server-ip {enable | disable}
set ip-reputation-ip-address <override_server_address>
set ip-reputation-schedule-type {hourly | daily | weekly}
[set schedule-hour <hour_int>]
[set schedule-weekdays {sunday | monday | tuesday ...|saturday}]
set ip-reputation-category {phishing ddos anonymous-proxies spam others}
set tunneling-status {enable | disable}
set tunneling-address <tunneling_address>
set tunneling-port <tunneling_port_int>
set tunneling-username <tunneling_user_str>
set tunneling-password <tunneling_pswd>
end