Created on 05-21-2020 08:49 AM Edited on 05-12-2023 05:47 AM By Anthony_E
FortiOS version V6.2 onwards the external block list (threat Feed) in firewall policy can be done.
In addition to using the external block list for web filtering and DNS, use it in firewall policies.
This article describes how to use the external block list.
This version includes the following new features:
1) Policy support for external IP list used as source/destination address.
2) Support for IPv4 and IPv6 firewall policy only. ACL, DoS, NAT64, NAT46, shaping, local-in policy are not supported.
3) Support for both CLI and GUI.
Go to Security Fabric -> Fabric Connectors -> Threat Feeds -> IP Address, create or edit an external IP list object.
# config system external-resourceTo apply an external IPlist object to the firewall policy using the CLI.
set status enable
set type address
set username ''
set password ENC
set comments ''
set resource "http://100.100.100.100/ip_list_test/test-external-iplist-2.txt"
set refresh-rate 15
# config firewall policyResults.
set name "policyid-1"
set srcintf "wan2"
set dstintf "wan1"
set srcaddr "all"
set dstaddr "test-external-iplist-1"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set auto-asic-offload disable
set nat enable
The content of external feed can be monitored with the following API query:
access_token=Hnb9ccdd17y10xnp7zn1mjtwkQ0nwN where 'USOM' is the name of the external threat feed.
This API query will show both content of the feed and the latest status of feed update.
In case of a communication issue, the API query will report the status as 'error' similar to the
Following example :
The following URL will provide only the status of the External connector without the content of it :
Remark: In case of communication issues, FortiGate does not receive the updates but preserves the original file.
Below are the steps for configuring windows pc as an external server for Thread feed:
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.