FortiOS 6.4.x uses fortiguard-anycast by default.

In my opinion fortiguard-anycast is not really stable yet, and it leads to client disconnects when the anycast servers are unreachable for whatever reason.

No web browsing and no SSH.


If the FortiGuard rating servers keep failing, simply switch back to the "old" method:

config system fortiguard
    set fortiguard-anycast disable
    set port 8888
    set protocol udp
    set sdns-server-ip 208.91.112.220
end

Then check on the console:

#diag debug rating

Some servers should be listed again now.

The description of how to use it is in the source code.

#!/usr/bin/perl -w

##############################################################################
# CGPro Honeypot 2 Fortigate Threat Feed
# Version 1.0
# Maintained by Juergen P. [core.at]
#
# This sample script writes temporarily blacklisted IPs from a CommuniGate Pro SMTP/SIP honeypot
# to a file, for offloading bad-host blocking to a Fortigate firewall with FortiOS 6.x
# via the Fortigate Threat Feed Connector. You should adapt it to your needs.
# The script should be run via cron (I suggest every 5 minutes) and write the output
# to a text file in a specific CGPro user's (public) webspace, for download to the firewall
# via the following FortiOS CLI configuration commands:
######
# config system external-resource
#   edit <name>
#     set type {category | address | domain}
#     set category <value>
#     set comments [comments]
#     set resource <resource-url>
#     set refresh-rate <minutes>
#     set last-update <datetime>
#   next
# end
#####
#
# The Threat Feed Connector flushes the table at each run, so IPs which are no longer blocked are removed.
# The file can be at most 10 MB or 128,000 lines of text, whichever is more restrictive.
#####
# Replace $CGServerAddress, $Login and $Password below with the correct values in Section 2.
# To run in interactive mode for testing, uncomment Section 1 and comment out Section 2.
# Replace $filename with the filename you defined in the Fortinet Fortigate config.
#
##############################################################################
use strict;

use lib '.';            # make sure the CommuniGate Pro "CLI.pm" is in the current directory
use CLI;                # provides the CGP::CLI package
use LWP::UserAgent;
use HTTP::Request;

my $Data     = "";
my $x        = "";      # loop variable
my $filename = "/var/CommuniGate/SharedDomains/my.domain/postmaster.macnt/account.web/honeypotlist.txt";
my $ua       = LWP::UserAgent->new;
my $request  = "";
my $response = "";
my $content  = "";
my $url      = "";
####
#### Section 1
####
# print "Server address: ";         # Print the server name prompt
# my $CGServerAddress = <STDIN>;    # Read the server address from standard input
# chomp $CGServerAddress;           # Remove \n if present
#
# print "Login (Enter for \"postmaster\"): ";
# my $Login = <STDIN>;
# chomp $Login;
# if ($Login eq '') { $Login = "postmaster"; }
#
# print "Password: ";
# my $Password = <STDIN>;
# chomp $Password;
#
#### End of Section 1

### Section 2

my $CGServerAddress = "1.2.3.4";    # CGPro server IP
my $Login           = "postmaster"; # CGPro postmaster account
my $Password        = "MyPassword"; # CGPro postmaster password

#### End of Section 2

# Open a TCP connection to the given address, port 106 (PWD, or CGPro CLI).
# Submit username and password. If the login fails, the program stops.

my $cli = CGP::CLI->new( { PeerAddr => $CGServerAddress,
                           PeerPort => 106,
                           login    => $Login,
                           password => $Password } )
    || die "Can't login to CGPro: " . $CGP::ERR_STRING . "\n";

if ($Data = $cli->GetTempBlacklistedIPs()) {
    # my $a = split(/,/,$Data);      # Number of elements (uncomment, if needed)
    my @b = split(/,/, $Data);       # Array of IPs including time in seconds: the address in "[...]", then the seconds
    open(my $OUTFILE, '>', $filename) || die "could not open output file: $!";
    $ua->timeout(120);
    foreach $x (@b) {
        $x =~ s/\].*//;              # remove everything after "]"
        $x = substr $x, 1;           # remove first "["
        print $OUTFILE "$x\n";       # write IP to the feed file, one address per line

        # Also report the address to the RBL drop script. The URL and reply are debug output
        # and go to STDERR, so they never end up in the feed file the firewall downloads.
        $url      = 'http://my.rbl.domain/drop.php?ipaddress=' . $x . '&blackorwhite=b&notes=blacklisted';
        $request  = HTTP::Request->new('GET', $url);
        $response = $ua->request($request);
        $content  = $response->content();
        print STDERR "$url\n";
        print STDERR "$content\n";
    }
    close($OUTFILE) || die "could not close output file: $!";
    # print "$a\n";                  # Print number of elements
}
else {
    ($cli->isSuccess) ? print "No output created.\n"
                      : die "Error: " . $cli->getErrMessage . ", quitting";
}

$cli->Logout;                        # Close the CLI session and disconnect

__END__
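As an added example (not the page's Perl script), the same feed-building step in Python with the checks a practitioner would want around it: parsing the "[ip]seconds" entry shape the script strips (assumed from the script, not confirmed by CGPro documentation here), dropping malformed entries, enforcing the 10 MB / 128,000-line limits quoted in the script header, and writing the file atomically so the firewall never downloads a half-written list. The sample input and file name are constructed.

```python
import ipaddress
import os
import tempfile

# FortiOS external-resource limits quoted in the script header: 10 MB or 128,000 lines.
MAX_BYTES = 10 * 1024 * 1024
MAX_LINES = 128_000

# Constructed sample in the shape the Perl script strips: comma-separated "[ip]seconds"
# entries (assumed format). It deliberately contains a duplicate and a malformed entry.
SAMPLE = "[203.0.113.7]3600,[198.51.100.22]120,[203.0.113.7]900,[not-an-ip]5,[2001:db8::1]60"


def parse_temp_blacklist(data):
    """Return the de-duplicated list of valid addresses from a '[ip]seconds,...' string."""
    seen, out = set(), []
    for entry in data.split(","):
        entry = entry.strip()
        if not entry.startswith("[") or "]" not in entry:
            continue                                  # not in the expected shape
        addr = entry[1:entry.index("]")]              # text between "[" and "]"
        try:
            ip = str(ipaddress.ip_address(addr))      # normalises and rejects garbage
        except ValueError:
            continue                                  # a bad line would poison the whole feed
        if ip not in seen:
            seen.add(ip)
            out.append(ip)
    return out


def render_feed(ips, max_lines=MAX_LINES, max_bytes=MAX_BYTES):
    """One address per line, cut off before either FortiOS limit is exceeded."""
    body, size = [], 0
    for ip in ips:
        line = ip + "\n"
        if len(body) >= max_lines or size + len(line) > max_bytes:
            break
        body.append(line)
        size += len(line)
    return "".join(body)


def write_feed_atomically(path, body):
    """Write a temp file next to the target and rename it, so the firewall's HTTP fetch never
    sees a half-written list (a plain open/print/close can be read mid-write)."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)), prefix=".feed-")
    with os.fdopen(fd, "w") as fh:
        fh.write(body)
    os.chmod(tmp, 0o644)                              # readable by the web server serving it
    os.replace(tmp, path)                             # atomic rename on POSIX filesystems
```

Run it from cron as `write_feed_atomically("honeypotlist.txt", render_feed(parse_temp_blacklist(data)))`, with `data` being the string returned by the CGPro CLI call.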