Umesh
Explorer II
July 30, 2022
Question

How to block malicious IPs || 5000 IPs ||

  • July 30, 2022
  • 2 replies
  • 1981 views

Dear All,

How do I block malicious IPs using the external threat feed option?

I am new here and I don't know how to create an external server for those IPs. If anyone has an idea, please let me know.

It is not possible for me to block 5000 IPs in a single policy or in multiple policies.

Regards,

Umesh

2 replies

Yurisk
SuperUser
July 31, 2022

Creating 5000 address objects is not a good idea, FortiGate performance-wise. As you correctly noticed, you have external feeds for that, but to use this feature you have to have some external server (managed by you or by the threat list provider) that will host this IP list in a text format downloadable by the FortiGate via HTTP. You cannot manually import a list of IPs into the FortiGate as is.

I wrote a short post with screenshots on how to do so, which you may find helpful: https://yurisk.info/2020/08/08/fortigate-using-external-threat-feeds-and-ip-domain-block-lists/

Umesh (Author)
Explorer II
August 1, 2022

Hi Yuri,

 

I wanted to know how to create it on the server. Actually, I don't have any idea; could you please guide me?

 

Thank you

Yurisk
SuperUser
August 1, 2022

In general terms:

  1. You install/set up an HTTP server (say Apache/Nginx) on the local network, and make it serve your list of IPs to block via a URL, say http://10.10.10.11/blocklist.txt. Any HTTP-accessible storage will do, e.g. I have a client that combines a few such feeds into one file stored in an AWS S3 bucket, and then the FortiGate downloads this list from there, with no need for a local web server.
  2. You create a text file, e.g. blocklist.txt, where you put all the IPs you want to block, in the following format:

     # last updated 1595753401 (Sun Jul 26 08:50:01 2020 GMT)
     0.0.0.0/8
     5.44.248.0/21
     5.57.208.0/21
     5.172.176.0/21

  3. You create an External Threat Feed in the FortiGate that you point to the URL http://10.10.10.11/blocklist.txt, then use it in the rules.
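The HTTP-served list from Yurisk's first reply and the three steps above, in working form, as an added example that is not part of the original thread: a Python script that merges several block-list feeds into one blocklist.txt in the one-entry-per-line, '#'-comment format shown, and validates every entry before it reaches the firewall. The two feed texts, the 10.0.0.0/8 and 192.168.0.0/16 "never block" networks and the minimum prefix lengths are constructed assumptions for this example, not data from the thread.

```python
"""Merge several IP block-list feeds into one FortiGate external threat feed file.

Output format: one IPv4/IPv6 address or CIDR prefix per line, '#' starts a comment,
the same shape as the blocklist.txt sample in the thread.
"""
import ipaddress
import time
from typing import Iterable, List, Optional, Union

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Prefixes that must never appear in the output: a feed entry covering your own
# management or internal networks would cut you off (self-inflicted DoS).
# Constructed values for this example; replace with your own networks.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Refuse absurdly wide prefixes: a poisoned or truncated upstream feed that
# yields 0.0.0.0/0 would otherwise block all traffic hitting the policy.
# Assumed thresholds for this example.
MIN_PREFIXLEN = {4: 8, 6: 32}


def parse_feed(text: str) -> List[Net]:
    """Parse one feed: 'a.b.c.d', 'a.b.c.d/nn', inline '# ...' comments and blank
    lines are accepted. Unparseable lines are skipped rather than fatal, so one
    bad entry upstream cannot break the whole refresh."""
    nets: List[Net] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue
    return nets


def is_safe(net: Net) -> bool:
    """Reject entries that are too broad or overlap address space we must keep."""
    if net.prefixlen < MIN_PREFIXLEN[net.version]:
        return False
    return not any(net.version == keep.version and net.overlaps(keep)
                   for keep in NEVER_BLOCK)


def merge_feeds(feeds: Iterable[str]) -> List[Net]:
    """Union of all feeds, filtered by is_safe, deduplicated and collapsed so that
    e.g. 203.0.113.0/25 + 203.0.113.128/25 become 203.0.113.0/24 (fewer entries
    for the FortiGate to load). Result is sorted, IPv4 first then IPv6."""
    v4: List[Net] = []
    v6: List[Net] = []
    for text in feeds:
        for net in parse_feed(text):
            if is_safe(net):
                (v4 if net.version == 4 else v6).append(net)
    merged: List[Net] = list(ipaddress.collapse_addresses(v4))
    merged += list(ipaddress.collapse_addresses(v6))
    return merged


def render_blocklist(nets: Iterable[Net], now: Optional[int] = None) -> str:
    """Serialise with the same '# last updated <epoch> (<date>)' header as the
    sample in the thread, then one entry per line."""
    now = int(time.time()) if now is None else now
    stamp = time.strftime("%a %b %d %H:%M:%S %Y GMT", time.gmtime(now))
    lines = [f"# last updated {now} ({stamp})"] + [str(n) for n in nets]
    return "\n".join(lines) + "\n"


# Constructed sample feeds (not real threat intel): FEED_A is the thread's sample,
# FEED_B is a "dirty" vendor feed with comments, a bare host, a duplicate, an
# adjacent pair, one of our own networks, a poisoned 0.0.0.0/0 and garbage.
FEED_A = """# last updated 1595753401 (Sun Jul 26 08:50:01 2020 GMT)
0.0.0.0/8
5.44.248.0/21
5.57.208.0/21
5.172.176.0/21
"""
FEED_B = """# vendor feed, constructed for this example
198.51.100.7          # single host -> /32
5.44.248.0/21         # duplicate of a FEED_A entry -> dropped
203.0.113.0/25
203.0.113.128/25      # adjacent to the previous one -> collapsed to /24
10.10.10.0/24         # inside NEVER_BLOCK -> dropped
0.0.0.0/0             # poisoned entry, too wide -> dropped
not-an-ip             # garbage -> skipped
2001:db8::/32
"""

if __name__ == "__main__":
    # Redirect stdout into the web root, e.g. > /var/www/html/blocklist.txt
    print(render_blocklist(merge_feeds([FEED_A, FEED_B])), end="")
```

Run it from cron into the directory your Apache/Nginx serves (for a quick test, `python3 -m http.server 80` in that directory serves http://10.10.10.11/blocklist.txt as in step 1), then point the External Threat Feed at that URL. Two caveats a practitioner would want: anyone who can write that file controls what the firewall blocks, so restrict write access to the web root and prefer HTTPS for the feed URL if the server is reachable beyond the management network; and the `is_safe` filter exists precisely because an upstream feed error such as 0.0.0.0/0 or your own prefixes is the most common way such a feed takes a site down.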

Umesh (Author)
Explorer II
August 2, 2022

I have found the YouTube video below, from which I have seen how to do it:

https://www.youtube.com/watch?v=iudWn16Dxus