Technical Tip: FortiGuard IOC download connectivity requirements

Description

This article describes the required network connectivity for FortiGuard IOC downloads

and outlines supported options for environments with restricted or no internet access.

Scope

FortiSIEM.

Solution

Overview:

FortiSIEM integrates with FortiGuard Threat Feeds to automatically download and update

Indicators of Compromise (IOCs). These IOCs enhance threat detection, correlation,

and overall security visibility within the FortiSIEM platform.

This article describes the required network connectivity for FortiGuard IOC downloads

and outlines supported options for environments with restricted or no internet access.

Connectivity requirements:

To download FortiGuard IOCs successfully, the FortiSIEM Supervisor must have outbound

network connectivity with the following minimum requirements:

• Destination: update.fortiguard.net.

• Protocol: TCP.

• Port: 443 (HTTPS).

Proxy-based internet access:

In environments where direct internet access is restricted, FortiSIEM supports HTTP/HTTPS proxy configuration for FortiGuard communication. When a proxy is configured on the Supervisor, FortiSIEM routes FortiGuard IOC update traffic through the proxy, eliminating the need for direct internet access from the system.

Configuration details are available in the FortiSIEM User Guide: Working with FortiGuard Threat Feeds.

Environments without internet access:

If internet access cannot be permitted on the FortiSIEM Supervisor, either directly

or via a proxy, FortiGuard IOC downloads are not currently supported.

At present, FortiSIEM requires online connectivity to FortiGuard services for IOC updates,

and there is no supported method for manual or offline FortiGuard IOC import.

Organizations operating in fully offline or air-gapped environments are advised to:

• Contact their Fortinet Sales representative or Account Manager.

• Submit a new feature request to request support for offline FortiGuard IOC downloads.