
IPS Lab: Blocking Malicious URLs & IPs

The document provides a step-by-step guide for configuring an Intrusion Prevention System (IPS) using FortiManager, including blocking malicious URLs and botnet C&C IPs. It details how to edit security profiles, install policies, and verify logs for testing malicious URLs and botnet connections. The instructions are aimed at ensuring effective security measures are implemented within a network environment.

Uploaded by

Williams

Intrusion Prevention System (IPS) Lab:

Block Malicious URL:


To block malicious URLs, go to Policy & Objects > Object Configurations > Security Profiles >
Intrusion Prevention. Edit an existing sensor or create a new one. Enable Block malicious URLs.
Configure other settings as needed. Click OK.

Created by Ahmad Ali, E-Mail: ahmadalimsc@[Link], WhatsApp: 00966564303717


Continue on the FortiManager GUI: click Policy Packages, and then click HQ-FW > Firewall Policy.
Select the first policy at the top of the list, and then click Edit.



Select the Security Profiles check box. Configure the IPS Profile and SSL/SSH Inspection, and then click OK.



Install the Policy:
Continue on the FortiManager GUI and click Install > Install Wizard.

Select Install Policy Package & Device Settings. Confirm that the HQ-FW policy package is
selected, and then click Next.

Confirm that the HQ-FW device is selected, and then click Next.



Click Install Preview to see the changes that will be applied to FortiGate. Click Close on the Install
Preview page. Click Install.

Once done, click Finish.



Navigate to System > FortiGuard, click Intrusion Prevention Botnet Domains, and then click View List
to pick a sample malicious URL from the list to test from the internal LAN PC.

Now test any malicious URL from the internal LAN PC, in this case [Link]

To verify the logs, navigate to Log & Report > Intrusion Prevention.



Now test any malicious URL from the internal LAN PC, in this case [Link]

To verify the logs, navigate to Log & Report > Forward Traffic.



Botnet C&C IP Blocking:
To configure botnet C&C IP blocking, go to Policy & Objects > Object Configurations > Security
Profiles > Intrusion Prevention. Edit an existing sensor or create a new one. Navigate to the
Botnet C&C section. For Scan Outgoing Connections to Botnet Sites, click Block or Monitor.
Configure other settings as needed.
Click Apply. Botnet C&C is now enabled for the sensor. Add this sensor to the firewall policy.

Now test any botnet C&C IP from the internal LAN PC, in this case [Link]



To verify the logs, navigate to Log & Report > Intrusion Prevention.

In FortiAnalyzer, navigate to Log View > FortiGate > Intrusion Prevention.
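
The log verification steps above can also be run against an exported log file. The script below is an added example, not part of the original lab: it checks that both test connections from the LAN PC produced IPS events and distinguishes a blocked connection from one that was only logged (as happens when the sensor is set to Monitor). The sample lines, addresses, field names and action values are constructed assumptions modelled on FortiGate's key=value log style.

```python
import shlex

# Constructed sample export (not from the lab). Field names and values are
# assumptions about a FortiGate-style key=value log; IPs are documentation ranges.
SAMPLE_LOGS = '''\
date=2024-01-10 time=10:01:02 type="utm" subtype="ips" eventtype="malicious-url" srcip=192.0.2.10 dstip=198.51.100.7 hostname="bad.example" action="dropped"
date=2024-01-10 time=10:05:40 type="utm" subtype="ips" eventtype="botnet" srcip=192.0.2.10 dstip=203.0.113.50 action="detected"
date=2024-01-10 time=10:06:11 type="traffic" subtype="forward" srcip=192.0.2.10 dstip=198.51.100.7 action="deny"
date=2024-01-10 time=10:07:00 type="utm" subtype="ips" eventtype="signature" srcip=192.0.2.11 dstip=198.51.100.9 attack="Example Sig" action="dropped"
'''

ENFORCED = {"dropped", "reset"}  # assumed action values meaning the session was stopped
LAB_EVENTS = ("malicious-url", "botnet")  # assumed eventtype values for the two tests


def parse_line(line):
    """Split one key=value log line into a dict; quoted values may contain spaces."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def ips_events(text, client_ip):
    """Yield IPS events of the two lab test kinds generated by the test PC."""
    for line in text.splitlines():
        rec = parse_line(line)
        if (rec.get("subtype") == "ips" and rec.get("srcip") == client_ip
                and rec.get("eventtype") in LAB_EVENTS):
            yield rec


def verify_lab(text, client_ip):
    """Return {eventtype: 'blocked' | 'logged-only' | 'missing'} for both tests."""
    result = {kind: "missing" for kind in LAB_EVENTS}
    for rec in ips_events(text, client_ip):
        kind = rec["eventtype"]
        if rec.get("action") in ENFORCED:
            result[kind] = "blocked"
        elif result[kind] == "missing":
            result[kind] = "logged-only"  # e.g. sensor set to Monitor, not Block
    return result


if __name__ == "__main__":
    for kind, status in verify_lab(SAMPLE_LOGS, "192.0.2.10").items():
        print(f"{kind}: {status}")
```

A "missing" result for a test that was actually run usually means the sensor was not attached to the policy that matched the traffic, or the policy package was not installed.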
