Technical Tip: How to setup threat feed in FortiSASE

Description

This article describes how to configure threat feeds in FortiSASE to enhance security.

Scope

FortiSASE.

Solution

Threat feeds automatically import external block lists from an HTTP server in plain text format. These block lists can enforce security policies, whether long-term restrictions on specific websites or short-term blocks for known compromised locations.

Go to Security -> Resources -> External feeds -> Create New.

Once the threat feed is up, then a green signal can be seen.

Since 'Block in Threat Feed Deny policy' is enabled, the newly created threat feed is automatically added to the system-defined rule.

If 'Block in Threat Feed Deny policy' is not enabled, then the user needs to manually create a policy and add the threat feed in the destination and mark the action as block. This gives more granular control to the user based on the source/user group.