Note: This guide will set up a blocking page using a FortiGate firewall. However, there will be a discrepancy between the domain name specified by the client in the HTTPS request and the domain name on the SSL certificate of the FortiGuard blocking page. This mismatch triggers SSL validation problems, so clients trying to reach the blocking page may see certificate errors.
Prerequisites
Access to DNS Filter. You don't need a web filtering license, as we won't use the FortiGuard Category Based Filter to enable the blocking page, but instead create a custom threat feed (an External IP Block List).
Redirecting connections from the SecureDNS Sinkhole IP Addresses to the FortiGuard Portal IP (or a custom one)
- Select Security Profiles -> DNS Filter
- Select your desired DNS Filter Profile, and enable Static Domain Filter -> External IP Block Lists
- Press the + icon next to External IP Block Lists, and click Create
- Choose a fitting name like "SecureDNS Sinkhole IPs" and leave External Feed on (default)
- In URI of external resource, paste the following link: https://suspicious.secutec.be/sinkhole-addresses.txt
- If you would like to use this internally, you can copy the values of the txt file and host it on a local web server instead
- Turn off HTTP basic authentication
- Leave Refresh Rate and Comments as desired.
- Click OK
- Confirm the connection is OK by hovering over the added list and selecting View Entries
- Confirm that every entry has a green check mark "Valid"
- Press OK to save the DNS Filter Profile
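If you host a copy of the list internally (or just want to know why an entry does not show a green "Valid" check mark), this added script, not part of the original guide, validates each line the way a FortiGate address feed is parsed: one IPv4/IPv6 address or CIDR per line, `#` starting a comment. The feed contents below are constructed sample data, and the one-address-or-CIDR-per-line format and the 65536-address "overly broad" threshold are assumptions made for the example.

```python
import ipaddress

# Constructed sample; not the real contents of sinkhole-addresses.txt.
SAMPLE_FEED = """\
# SecureDNS sinkhole addresses (constructed sample)
192.0.2.10
198.51.100.0/24
2001:db8::1
256.1.1.1        # invalid: octet out of range
10.0.0.0/8       # valid syntax, but flagged as overly broad
10.0.0.1/33      # invalid prefix length
"""

def parse_entry(line):
    """Strip comments and whitespace; return the bare entry or None."""
    entry = line.split("#", 1)[0].strip()
    return entry or None

def validate_feed(text, max_addresses=65536):
    """Return (valid, invalid, broad).

    valid:   [(line_no, normalized_cidr)]
    invalid: [(line_no, entry, reason)] for lines FortiGate would reject
    broad:   [(line_no, entry, reason)] for syntactically valid ranges so
             large they would sinkhole far more than a few addresses
    """
    valid, invalid, broad = [], [], []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = parse_entry(raw)
        if entry is None:
            continue  # blank line or comment-only line
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError as exc:
            invalid.append((line_no, entry, str(exc)))
            continue
        if net.num_addresses > max_addresses:
            broad.append((line_no, entry, f"{net.num_addresses} addresses"))
        valid.append((line_no, str(net)))
    return valid, invalid, broad

if __name__ == "__main__":
    ok, bad, wide = validate_feed(SAMPLE_FEED)
    print(f"{len(ok)} valid, {len(bad)} invalid, {len(wide)} overly broad")
    for line_no, entry, reason in bad:
        print(f"line {line_no}: {entry!r} rejected: {reason}")
    for line_no, entry, reason in wide:
        print(f"line {line_no}: {entry!r} broad: {reason}")
```

Run it against the file you intend to publish before pointing the FortiGate at it; any line listed as invalid is one that will not get the green check mark in View Entries.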
Enable the correct DNS Filter Profile under Security Profiles in the relevant Firewall Policy so that the blocking page redirection takes effect whenever a domain is blocked by SecureDNS.