Technical Tip: Types of External Threat Feed and their locations in the GUI
| Description | This article describes the types of External Threat Feed and their locations in the GUI. |
| Scope | FortiGate. |
| Solution | There are 5 types of External Threat Feed:
CLI commands to view the type of the External Threat Feed:
config system external-resource edit "test-ip" set type address<----- This IP address will be in the DNS profile under the external-ip-blocklist. This can also be used under IPv4 policies as Source/Destination. set resource "http://1.1.1.1" next edit "Test-domain" set type domain <----- This category will be in the DNS filter profile only. set category 192 set resource "http://2.2.2.2" next edit "Test-cat" set type category set category 193 <----- This category will be in the Web-filter profile only. set resource "http://3.3.3.3" next edit "Test-Hash" set type malware <----- This Hash list will be in the antivirus profile. set resource "http://4.4.4.4" vnext end
edit "mac address" set type mac-address <----- This can be used as a source in firewall policies, proxy policies, and ZTNA rules. For policies in transparent mode or the Firewall Virtual Wire Pair Policy, the MAC Address Threat Feed can be used as a source or destination address. set resource "http://5.5.5.5" next The GUI Location to view each External Threat Feed is as follows:
The resource will automatically be used for Virus Outbreak Prevention on AntiVirus profiles where the 'External Malware Block List' is enabled.
5. MAC Address.
This can be used as a source in firewall policies, proxy policies, and ZTNA rules. For policies in transparent mode or the Firewall Virtual Wire Pair Policy, the MAC Address Threat Feed can be used as a source or destination address. The file should be a plain text file with one MAC address, MAC range, or MAC OUI on each line.
For example:
|
