Welcome to the Criminal IP Integration with Fortinet Firewalls!
This project automates the process of swiftly blocking malicious IP addresses identified by the Criminal IP service using Fortinet firewalls. By leveraging Criminal IP's real-time threat intelligence, the system retrieves and updates lists of identified malicious IPs. It then seamlessly creates and manages corresponding block rules on Fortinet firewalls.
- Fetch Malicious IP List: Retrieves the latest list of IP addresses classified as malicious from the Criminal IP service.
- Rule Creation: Automatically generates block rules on Fortinet firewalls based on the malicious IP list obtained from Criminal IP.
- Rule Management: Periodically reviews, updates, or removes created block rules as necessary.
Before using this system, ensure you have the following:
- Criminal IP API Key: Obtain from Criminal IP after logging in.
- FortiGate Token: Token value granted when creating a REST API Administrator account on FortiGate.
- FortiGate Policy ID: ID of the source-destination policy under Policy & Object > Firewall Policy in FortiGate.
- Clone the repository:
git clone https://github.com/criminalip/Fortinet-Maliciousip-AutoBlock.git
- fire_config.py settings:
| Setting | Description |
|---|---|
| CRIMINALIP_API_KEY | Insert your Criminal IP API key here. |
| TARGET | Insert the firewall address here. |
| TOKEN | Insert the FortiGate Token here. |
| POLICYID | Insert the FortiGate Policy ID here. |
📦Auto_malicious_ip_block
┣ 📂core
┃ ┣ 📂api
┃ ┃ ┣ 📂input
┃ ┃ ┣ 📂output
┃ ┃ ┣ 📜cip_request_get_ip.py
┃ ┃ ┗ 📜managefiles.py
┃ ┗ 📂fwb
┃ ┃ ┗ 📜_ftg_request_parm.py
┣ 📜cip_c2_detect_query.json
┣ 📜fire_config.py
┗ 📜main.py
python main.py
Shows an example of how uploaded IP addresses can be organized into a single group, and how to manage the particular group by date and policy.
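A pre-filter for the Rule Creation step, as an added example that is not part of the project's code: it validates feed entries, drops addresses that must never end up in a block rule, and builds the address objects plus a group named after the upload date. The function names, the `cip-` naming scheme, the never-block ranges and the sample feed are assumptions; the payload fields follow the FortiOS firewall address and address-group object shapes rather than anything shown on this page.

```python
import ipaddress
from datetime import date

# Ranges that must never reach a block rule (assumed policy, adjust per site).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "198.51.100.0/28",  # constructed: stands in for your own management range
)]

def filter_feed(raw_ips):
    """Split feed entries into (accepted IPv4Address list, rejected (entry, reason) list)."""
    accepted, rejected, seen = [], [], set()
    for raw in raw_ips:
        try:
            ip = ipaddress.IPv4Address(raw.strip())
        except ValueError:
            rejected.append((raw, "not an IPv4 address"))
            continue
        if ip in seen:          # duplicates are dropped silently
            continue
        seen.add(ip)
        if any(ip in net for net in NEVER_BLOCK):
            rejected.append((raw, "in never-block range"))
        else:
            accepted.append(ip)
    return accepted, rejected

def build_payloads(ips, day):
    """Build one address object per IP and a group named after the upload date."""
    if not ips:                 # nothing to block: do not create an empty group
        return [], None
    addresses = [{"name": f"cip-{ip}", "type": "ipmask",
                  "subnet": f"{ip} 255.255.255.255"} for ip in ips]
    group = {"name": f"cip-block-{day.isoformat()}",
             "member": [{"name": a["name"]} for a in addresses]}
    return addresses, group

if __name__ == "__main__":
    # Constructed sample feed (documentation ranges, not real indicators).
    feed = ["203.0.113.7", " 203.0.113.7", "192.168.1.1", "198.51.100.3",
            "not-an-ip", "203.0.113.9"]
    ok, bad = filter_feed(feed)
    addresses, group = build_payloads(ok, date(2024, 1, 15))
    print(group)
    for entry, reason in bad:
        print("skipped", repr(entry), reason)
```

Logging the rejected entries with their reasons gives an audit trail when a feed entry would otherwise have blocked internal or management traffic.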