FortiGate -> Pi Hole (like) Config

I hate ads. Fortigate has the ability to add external Block Lists and I determined to find lists and configure it to act much like PiHole.

Core Steps

1. Add external filter lists
2. Set up a DNS filter, block the external filter lists
3. Set up a DNS server on the Fortigate with the DNS filter enabled
External lists

Add the external lists. This is an example of 8 lists that are a mix of advertisers and trackers.

1. SSH to the Fortigate.
2. At the CLI you can paste the following:

    config system external-resource
        edit "Disconnect-Ad-Filter"
            set type domain
            set category 194
            set resource "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
            set refresh-rate 60
        next
        edit "AdGuard"
            set type domain
            set category 192
            set resource "https://v.firebog.net/hosts/AdguardDNS.txt"
            set refresh-rate 60
        next
        edit "Firebog"
            set type domain
            set category 193
            set resource "https://v.firebog.net/hosts/Easylist.txt"
            set refresh-rate 60
        next
        edit "Firebog-Privacy"
            set type domain
            set category 195
            set resource "https://v.firebog.net/hosts/Easyprivacy.txt"
            set refresh-rate 60
        next
        edit "Fireblog-Admiral"
            set type domain
            set category 196
            set resource "https://v.firebog.net/hosts/Admiral.txt"
            set refresh-rate 60
        next
        edit "Fireblog-Privacy-2"
            set type domain
            set category 197
            set resource "https://v.firebog.net/hosts/Prigent-Ads.txt"
            set refresh-rate 60
        next
        edit "OISD"
            set type domain
            set category 198
            set resource "https://dbl.oisd.nl/"
            set refresh-rate 60
        next
        edit "OISD-IP"
            set type address
            set resource "https://hosts.oisd.nl/"
            set refresh-rate 60
        next
    end

DNS Filter

Add a DNS filter. You can do this under the 'Security Profiles' tab in the GUI of the Fortigate.

1. Enable the option FortiGuard Category Based Filter.
2. In the category filter list, locate an entry called 'Remote Categories'. Open it and you will find seven of the external entries we added via CLI. Set all of them to 'Redirect to Block Portal'.
3. At the bottom of the menu, you will find the option External IP Block Lists. Click the + sign and select the entry 'OISD-IP'.

Now, all eight lists are active in this DNS filter profile.
Set up a DNS Server

Setting up a DNS server is most easily done via the CLI (like most things). Paste this code into your CLI to set up the server. Change the dnsfilter-profile to the name of your DNS profile.

    config system dns-server
        edit "internal"
            set mode forward-only
            set dnsfilter-profile "Your-DNS-Filter"
        next
    end
After setting up your DNS server

Publish it with your DHCP.

NOTE: This should get rid of many ads (YouTube ads cannot be blocked this way).
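The feeds configured above are third-party files that the Fortigate re-fetches on a schedule (refresh-rate 60), so it is worth checking what a list contains before adding it. The following is an added example, not part of the original post: a Python check that reads a plain-domain or hosts-format list, reports lines that are not clean domain names, and flags entries that would block names you need to keep resolving. The sample list and the protected names are constructed, and flagging parent domains as well as exact matches is a conservative assumption about how the filter matches.

```python
import re

# Hostname label rules (RFC 1123): letters, digits, hyphens; no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
_SINK_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # addresses used in hosts-format lists

SAMPLE = """# constructed sample, not real list content
0.0.0.0 ads.example.net
tracker.example.org
127.0.0.1 localhost
||adblock-style.example^
example.com   # parent of a protected name
Ads.Example.NET.
"""

def parse_blocklist(text):
    """Return (domains, rejected) from a plain-domain or hosts-format list."""
    domains, rejected = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # drop comments and whitespace
        if not line:
            continue
        fields = line.split()
        if len(fields) == 2 and fields[0] in _SINK_IPS:
            candidate = fields[1]                 # hosts format: "<sink ip> <domain>"
        elif len(fields) == 1:
            candidate = fields[0]                 # plain format: one domain per line
        else:
            rejected.append((lineno, raw))
            continue
        name = candidate.lower().rstrip(".")      # normalise case and trailing dot
        labels = name.split(".")
        if len(name) <= 253 and len(labels) >= 2 and all(_LABEL.match(l) for l in labels):
            domains.add(name)
        else:
            rejected.append((lineno, raw))        # e.g. "localhost" or adblock syntax
    return domains, rejected

def protected_hits(domains, protected):
    """Blocked entries equal to, or a parent of, a name that must keep resolving."""
    hits = set()
    for p in protected:
        parts = p.lower().rstrip(".").split(".")
        for i in range(len(parts) - 1):           # the name and each parent, not the TLD
            suffix = ".".join(parts[i:])
            if suffix in domains:
                hits.add(suffix)
    return sorted(hits)
```

Run it against a downloaded copy of each list; a non-empty result from protected_hits, or a large rejected count, is a reason to review the list before enabling its category in the DNS filter.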