Created on
05-21-2020
08:49 AM
Edited on
03-19-2025
06:04 AM
By
Jean-Philippe_P
Description
This article describes how to use the external block list.
In FortiOS version v6.2 onwards, the external block list (threat feed) can be added to a firewall policy.
In addition to using the external block list for web filtering and DNS, it can be used in firewall policies.
Scope
FortiOS v6.2+.
Solution
This version includes the following new features:
Note:
From versions 7.2.4 and 7.4.0, the External Threat Feed object is now additionally supported in local-in policies. It can be added as a srcaddr or a dstaddr. External Threat Feed object adding as a source in local in policy is not supported in the v7.0 firmware series.
Configuration.
Go to Security Fabric -> Fabric Connectors -> Threat Feeds -> IP Address, and create or edit an external IP list object.
The content of the external feed can be monitored with the following API query:
https://x.x.x.x/api/v2/monitor/system/external-resource/entry-list/USOM/?
access_token=Hnb9ccdd17y10xnp7zn1mjtwkQ0nwN where 'USOM' is the name of the external threat feed.
This API query will show both the content of the feed and the latest status of the feed update.
In case of a communication issue, the API query will report the status as an 'error' similar to the
Following example:
The following URL will provide only the status of the External connector without the content of it :
https://x.x.x.x/api/v2/monitor/system/external-resource/entry-list/USOM?status_only=true
Remark: In case of communication issues, FortiGate does not receive the updates but preserves the original file.
Below are the steps for configuring a Windows PC as an external server for a threat feed:
1.Navigate to start and search for Turn windows features on or off.
2.Enable IIS(Internet Information service)
3.Navigate to the following path in pc C:\inetpub\wwwroot
4.Create a text file and add entries to that file.
5.Configure the URI link as http://<IP address of PC>/<filename.txt> on fortigate firewall.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.