jiahoong112
Staff
Article Id 251864
Description

This article describes how to configure an External Threat Feed for Web Filtering. An External Threat Feed is a scalable and manageable alternative when an extensive static URL list must be set to Allow/Monitor/Block with the FortiGuard Web Filter.

 

For example, if there are over 70,000 URL entries in the web filter's static URL filter, scalability and manageability suffer: adding an entry can take a long time to update the list, and the GUI can become very sluggish.

In addition, if duplicate URLs are entered and each duplicate has a different action, FortiGate may incorrectly block the URL.

With an External URL Threat Feed, it is also easy to search for potential duplicate URLs using a text editor's built-in features.

Scope

All FortiGate versions that are not End of Support.
Solution

1) Create an External Threat Feed. This can be hosted on Windows Server OS or on any program that can act as a web server.

On the respective operating system, create a plain text file containing the URL entries.

Ensure that this threat feed can be accessed through a web browser.

Example:

[Screenshot: url-list.png]

Accessed through Google Chrome:

[Screenshot: urlss.png]

 

2) Connect the FortiGate to the External URL List.

On the GUI, go to Security Fabric -> External Connectors, select 'Create New', scroll down and under Threat Feeds, select FortiGuard Category.

[Screenshot: 4eabc789-7f77-4c6a-9d78-21a2410074cc.png]

 

3) Configure the connector as shown below. The URL should resolve to the static URL list created on the web server in the earlier steps.

[Screenshot: fguardconfg.png]

 

4) After configuring, the status of the Threat Feed should be valid and have a green check mark.

[Screenshot: sdads.png]

 

5) Select the 'View Entries' button to view the contents of the External URL List. All entries should be deemed Valid by FortiGate.

[Screenshot: qwe.png]

 

6) Go to the Web Filter on FortiGate to configure the action to be taken for the URLs in this list. On the GUI, go to Security Profiles -> Web Filter, and select the Web Filter profile in which to implement the External URL List.

[Screenshot: qewwq.png]

The external URL list can be found under FortiGuard Category Based Filter -> Remote Categories.

Actions such as Allow, Monitor, Block, Warning or Authenticate can be applied.

In this case, for testing purposes, Block is selected, as seen in the screenshot above.

 

Results:

[Screenshot: threatblockfeed.png]

As cnn.com is a URL in the External URL Threat List, it is blocked.

In the Category parameter of the block message, it can be seen that the URL belongs to the External Connector that was configured earlier.
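
The duplicate-entry problem mentioned in the Description can be checked before the list from step 1 is published. The following Python script is an added example, not part of the original article or of any Fortinet tooling; it assumes one entry per line, that blank lines and lines starting with # carry no entry, and that entries differing only in scheme, host case or a trailing slash should be reviewed as duplicates.

```python
"""Lint a plain-text URL feed before publishing it (added example)."""
import re
from collections import defaultdict

# Constructed sample feed, one entry per line (not taken from the article).
SAMPLE_FEED = """\
# constructed sample entries
cnn.com
example.com/downloads/
https://CNN.com/
example.org/a b
example.com/downloads

cnn.com
"""

def normalize(entry):
    """Assumed equivalence: ignore scheme, host case and a trailing slash."""
    entry = re.sub(r"^[a-z][a-z0-9+.-]*://", "", entry.strip(), flags=re.I)
    host, sep, path = entry.partition("/")
    return host.lower() + (sep + path).rstrip("/")

def lint_feed(text):
    """Return (duplicates, invalid); duplicates maps key -> line numbers."""
    seen = defaultdict(list)
    invalid = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines carry no entry (assumption)
        if re.search(r"\s", line):
            invalid.append((lineno, raw))  # whitespace inside an entry
            continue
        seen[normalize(line)].append(lineno)
    duplicates = {k: v for k, v in seen.items() if len(v) > 1}
    return duplicates, invalid

if __name__ == "__main__":
    dups, bad = lint_feed(SAMPLE_FEED)
    for key, lines in sorted(dups.items()):
        print(f"duplicate {key!r} on lines {lines}")
    for lineno, raw in bad:
        print(f"invalid entry on line {lineno}: {raw!r}")
```

To check a real list, pass the contents of the feed file to lint_feed() and resolve every reported line before the FortiGate next fetches the feed.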