Description
This article describes the domain name formats supported by the Domain name external threat feed and provides a configuration sample.
Solution
The Domain name external threat feed supports only the following 2 formats.
- Static URL.
Example.fortinet.com
facebook.com
example.com
- URL with wildcard.
Example.mail.*.fortinet.com
*.-special.facebook.com
www.*example.com
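A pre-publication check for the feed 'txt' file, sorting each line into the two supported formats and flagging anything else. This is an added example, not Fortinet code: the names `classify`, `lint_feed` and `SAMPLE` are hypothetical, and the allowed character set is an assumption inferred from the examples above, not the FortiOS parser.

```python
import re

# Assumption: allowed label characters are inferred from the article's
# examples (letters, digits, '-', '*'); this is not FortiOS's own parser.
LABEL = re.compile(r"^[A-Za-z0-9*-]+$")

def classify(entry):
    """Return 'static', 'wildcard' or 'invalid: <reason>' for one feed line."""
    if "://" in entry:
        return "invalid: scheme present"
    if any(c in "/?#@:" or c.isspace() for c in entry):
        return "invalid: path, port or whitespace present"
    labels = entry.split(".")
    if len(labels) < 2:
        return "invalid: not a dotted domain name"
    if not all(LABEL.match(label) for label in labels):  # '' fails too
        return "invalid: empty label or unsupported character"
    return "wildcard" if "*" in entry else "static"

def lint_feed(text):
    """Sort feed lines into static, wildcard, invalid and duplicate."""
    report = {"static": [], "wildcard": [], "invalid": [], "duplicate": []}
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue
        kind = classify(entry)
        if kind.startswith("invalid"):
            report["invalid"].append((lineno, entry, kind))
        elif entry.lower() in seen:  # DNS names are case-insensitive
            report["duplicate"].append((lineno, entry))
        else:
            seen.add(entry.lower())
            report[kind].append(entry)
    return report

# Constructed sample: the article's six entries plus malformed lines.
SAMPLE = """Example.fortinet.com
facebook.com
example.com
Example.mail.*.fortinet.com
*.-special.facebook.com
www.*example.com
http://example.com/login
example.com/path
EXAMPLE.com
localhost
bad..example.com
"""

if __name__ == "__main__":
    for kind, items in lint_feed(SAMPLE).items():
        print(kind, items)
```

Lines reported as invalid or duplicate are worth correcting on the web server before the connector refreshes the feed.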
To configure the Domain name external connector:
The web server in this sample is a Linux server; setting up the Linux server is not covered in this documentation.
- Make sure that the 'txt' file is accessible from the FortiGate network. Open its URL in a browser to check: the contents of the 'txt' file should be readable in the browser.
- Create a new external connector and select 'Domain Name'.
- Configure the 'Domain Name' connector with a URL in the format 'http://x.x.x.x/textfile.txt', where x.x.x.x is the IP address of the web server.
- Check the status: make sure it is green and the entries are visible.
- Use the Domain name threat feed on the DNS filter.
- Use the DNS filter under the firewall policy.
Make sure the DNS filter is applied on the firewall policy that the user's DNS queries pass through. In this test scenario, public DNS (8.8.8.8) is used. Therefore, it is necessary to apply it on the internet-facing firewall policy.
If internal DNS is used, make sure to apply it on the firewall policy from the user to the internal DNS server.