Technical Tip: Setting Up a Windows Computer to Serve as an External Threat Feed Server
Description
This article describes how to configure a Windows PC as an external server for a threat feed. The example uses a PC located on the LAN, but the server can equally be hosted on a remote PC that is accessible from the Internet as a regular web server. The configuration steps are the same.
Scope
FortiGate.
Windows (specific versions) that support IIS*
Note:
Internet Information Services (IIS) is a component of the Windows operating system and follows the same lifecycle. Go here to see support timelines for Windows Server (EOS: Aug 2022), Windows 10 Enterprise and Education (EOS: Oct 2025), and Windows 10 Pro (EOS: Oct 2025). Windows 11 replaced IIS.
Solution
The procedures for setting up a Windows computer as an external server for a threat feed are as follows:
- On the PC, open the Start menu and search for Turn Windows features on or off.
- Turn on Internet Information Services (IIS). The system needs to be restarted to apply the changes.
- Navigate to this path: C:\inetpub\wwwroot (this is the default IIS path for the server, but it can be changed).
- Create a text document in that folder and add the entries to the text file.
- On the firewall, go to Security Fabric -> External Connectors -> Create New -> External Feeds and select the type of threat feed that needs to be created. In the following example, it is created for the IP Address type.
- Set the URL to http://<PC-IP_Address>/<Text-file-name.txt>.

  Note: Make sure the created External Threat Feed is used in a firewall policy so that the External Threat Feed address list gets updated.
- After connecting, the firewall will fetch the address list from the PC.

Via CLI:

To view the entries, run the following command:
diagnose sys external-address-resource list <name>
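
The Windows-side steps above can also be scripted so that entries are checked before the firewall ever polls them. The following is an added example, not part of the original article: the file name `blocklist.txt`, the sample entries, and the accepted line formats (single address, CIDR subnet, start-end range) are assumptions.

```powershell
# Added example: run in an elevated PowerShell session on the IIS host.
$FeedName = 'blocklist.txt'                       # hypothetical file name
$FeedPath = Join-Path 'C:\inetpub\wwwroot' $FeedName
$Entries  = @(                                    # constructed sample entries
    '192.0.2.10', '198.51.100.0/24', '203.0.113.5-203.0.113.20',
    '0.0.0.0/0',                                  # bad: matches every address
    '203.0.113.300'                               # bad: not a valid address
)

function Test-Ip([string]$Text) {
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Text, [ref]$ip)) { return $false }
    # TryParse accepts shorthand such as "1234"; insist on dotted-quad for IPv4
    return ($ip.AddressFamily -ne 'InterNetwork') -or ($Text -match '^\d+(\.\d+){3}$')
}

function Test-FeedEntry([string]$Line) {
    if ($Line -match '^(.+)/(\d{1,3})$') {        # CIDR subnet
        $addr = $Matches[1]; $len = [int]$Matches[2]
        $max  = if ($addr -like '*:*') { 128 } else { 32 }
        return ((Test-Ip $addr) -and ($len -ge 1) -and ($len -le $max))  # /0 refused
    }
    if ($Line -match '^([^-]+)-([^-]+)$') {       # start-end range
        $first = $Matches[1]; $last = $Matches[2]
        return ((Test-Ip $first) -and (Test-Ip $last))
    }
    return (Test-Ip $Line)                        # single address
}

if ((Get-WindowsOptionalFeature -Online -FeatureName IIS-WebServerRole).State -ne 'Enabled') {
    Enable-WindowsOptionalFeature -Online -FeatureName IIS-WebServerRole -All -NoRestart | Out-Null
    Write-Warning 'IIS was just enabled: restart, then run this script again.'
    return
}

$good = @($Entries | Where-Object { Test-FeedEntry $_ })
$Entries | Where-Object { $good -notcontains $_ } | ForEach-Object { Write-Warning "Rejected: $_" }
if (-not $good) { throw 'No valid entries; refusing to publish an empty feed.' }

# Write beside the target, then rename, so a poll never reads a half-written list
$tmp = "$FeedPath.tmp"
Set-Content -Path $tmp -Value $good -Encoding ascii
Move-Item -Path $tmp -Destination $FeedPath -Force

# Confirm IIS serves exactly the validated list
$served = (Invoke-WebRequest -Uri "http://localhost/$FeedName" -UseBasicParsing).Content
$lines  = @($served -split "`r?`n" | Where-Object { $_ })
if (Compare-Object $good $lines) { throw 'Served feed differs from validated list.' }
"Published $($good.Count) entries to $FeedPath"
```

With these assumed names, the URL entered on the firewall would be http://<PC-IP_Address>/blocklist.txt.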

