FortiGate
sbabu (Staff)
Article Id 344359
Description This article describes how to configure a FortiGate external threat feed (External Connector) that fetches an IP address blocklist from a threat feed server over IPv6.
Scope FortiGate and an internally hosted threat feed server reachable over IPv6.
Solution

A threat feed server provides a continuous stream of data about potential and current cyber threats, such as malware, phishing campaigns, vulnerabilities, and compromised IP addresses, collected from various sources.

An internally hosted threat feed server lets an organization publish its own blocklist (for example, addresses observed in its own incidents) and have the FortiGate pull it on a schedule, so policy updates do not require editing address objects by hand.

 

Topology:

 

[Figure: IPv6 threat feed topology (FortiGate and threat feed server)]

 

Configuration: 

  1. Check connectivity from the FortiGate to the threat feed server over IPv6. The first command sets the IPv6 source address that ping6 will use (here the FortiGate's own address on the segment); the second pings the server:

 

MAIN_FW # exec ping6-options source6 fd01:af0:8003:2::af

MAIN_FW # exec ping6 fd01:af0:8003:2::2
PING fd01:af0:8003:2::2(fd01:af0:8003:2::2) from fd01:af0:8003:2::af : 56 data bytes
64 bytes from fd01:af0:8003:2::2: icmp_seq=1 ttl=128 time=2.54 ms
64 bytes from fd01:af0:8003:2::2: icmp_seq=2 ttl=128 time=1.30 ms

 

  2. Install a simple web server on the host that will act as the threat feed server.

    • Save the threat feed as a plain text file (one IP address, subnet, or range per line) in a folder served by the web server, and note the IPv6 address and port number the server is listening on.

     

    [Figure: threat feed server folder path]

     

  3. Open the server's IPv6 link in a web browser, browse to the folder, and select the .txt file. Copy the resulting URL; this is the path the FortiGate will fetch.

    [Figure: threat feed file URL opened in the browser]

     

  4. Configure the threat feed on the FortiGate under Security Fabric > External Connectors. Select 'Create New', choose 'IP Address' in the Threat Feeds category, and paste the URL copied in the previous step. Note that a literal IPv6 address in a URL must be enclosed in square brackets, for example http://[fd01:af0:8003:2::2]/blocklist.txt (file name shown here only as an illustration; use the path from your own server).

  [Figure: FortiGate IPv6 threat feed connector settings]

     

Once configured, allow the refresh interval to elapse so the FortiGate can fetch the entries from the threat feed server; the connector's status in the GUI shows whether the last fetch succeeded and how many entries were loaded.
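The following is an added example and is not code from the original article or from Fortinet. It covers steps 2 to 4 on the threat feed host side: it validates a blocklist in the format a FortiGate IP Address threat feed expects (one IPv4 or IPv6 address, CIDR prefix, or address range per line, with '#' comments), writes the accepted lines to a served folder, serves that folder from an IPv6-bound HTTP server, and builds the correctly bracketed URL for the connector. The directory, file name, port, and the sample feed are assumptions; the server address is the one pinged above. The FortiOS CLI snippet it prints uses the `config system external-resource` object (type address, resource, refresh-rate) as documented for FortiOS 7.x; confirm the keywords on your own firmware build.

```python
import ipaddress
import socket
from functools import partial
from http.server import HTTPServer, SimpleHTTPRequestHandler
from pathlib import Path

FEED_DIR = Path("/tmp/threatfeed")       # assumed: folder served over HTTP
FEED_FILE = "blocklist.txt"              # assumed file name
LISTEN_ADDR = "fd01:af0:8003:2::2"       # server address from the article's ping test
LISTEN_PORT = 8080                       # assumed listening port

# Constructed sample feed: valid entries plus three lines that must be rejected.
SAMPLE_RAW = """\
# IPv6 threat feed (constructed sample)
2001:db8:bad::1
2001:db8:bad:cafe::/64
203.0.113.0/24
198.51.100.10-198.51.100.20
not-an-address
2001:db8::1-2001:db8::zz
198.51.100.20-198.51.100.10   # reversed range
"""


def parse_entry(line):
    """Return the normalized feed entry for one line, or None if it is not valid."""
    text = line.split("#", 1)[0].strip()          # drop trailing comment
    if not text:
        return None
    for parser in (ipaddress.ip_address, lambda t: ipaddress.ip_network(t, strict=False)):
        try:
            return str(parser(text))              # single address or CIDR prefix
        except ValueError:
            pass
    if "-" in text:                               # address range: low-high
        lo, hi = (p.strip() for p in text.split("-", 1))
        try:
            a, b = ipaddress.ip_address(lo), ipaddress.ip_address(hi)
        except ValueError:
            return None
        if a.version == b.version and a <= b:     # same family, ordered
            return f"{a}-{b}"
    return None


def validate_feed(raw):
    """Return (accepted entries, 1-based numbers of rejected lines)."""
    accepted, rejected = [], []
    for n, line in enumerate(raw.splitlines(), 1):
        if not line.split("#", 1)[0].strip():
            continue                              # blank or comment-only line
        entry = parse_entry(line)
        accepted.append(entry) if entry else rejected.append(n)
    return accepted, rejected


def feed_url(host, port, filename):
    """Build the fetch URL; a literal IPv6 host must be bracketed (RFC 3986)."""
    h = f"[{host}]" if ":" in host else host
    return f"http://{h}:{port}/{filename}"


def fortios_external_resource(name, url, refresh_minutes=5):
    """CLI equivalent of the GUI connector (keywords per FortiOS 7.x docs)."""
    return "\n".join([
        "config system external-resource",
        f'    edit "{name}"',
        "        set type address",
        f'        set resource "{url}"',
        f"        set refresh-rate {refresh_minutes}",
        "    next",
        "end",
    ])


def write_feed(raw, directory=FEED_DIR, filename=FEED_FILE):
    """Write only the validated entries so malformed lines never reach the firewall."""
    accepted, rejected = validate_feed(raw)
    directory.mkdir(parents=True, exist_ok=True)
    (directory / filename).write_text("\n".join(accepted) + "\n")
    return accepted, rejected


class IPv6HTTPServer(HTTPServer):
    address_family = socket.AF_INET6              # bind to an IPv6 socket


def serve(directory=FEED_DIR, host=LISTEN_ADDR, port=LISTEN_PORT):
    handler = partial(SimpleHTTPRequestHandler, directory=str(directory))
    with IPv6HTTPServer((host, port), handler) as srv:
        print(f"serving {directory} at {feed_url(host, port, FEED_FILE)}")
        srv.serve_forever()


if __name__ == "__main__":
    ok, bad = write_feed(SAMPLE_RAW)
    print(f"{len(ok)} entries written; rejected lines: {bad}")
    print(fortios_external_resource("Blocklist", feed_url(LISTEN_ADDR, LISTEN_PORT, FEED_FILE)))
    serve()
```

Run it on the threat feed host; the printed URL is what goes into the External Connector, and the printed CLI block is the equivalent of the GUI settings if you prefer to configure the connector from the console. The validation step matters because the FortiGate silently skips lines it cannot parse, so a typo in the feed becomes a hole in the blocklist rather than an error.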

 
  5. Configure a firewall policy that blocks traffic to the addresses in the threat feed. The feed is referenced as the IPv6 destination address object (here named "Blocklist"). No 'set action' line is shown because the default action of a new policy is deny, which is the intent; place this policy above any policy that would otherwise allow the same traffic, since policies are evaluated top down:
 
 
 

MAIN_FW (1) # show
    config firewall policy
        edit 1
            set name "test"
            set uuid 6feba752-7be8-51ef-ca40-6c7b43598ea5
            set srcintf "port4"
            set dstintf "port1"
            set srcaddr6 "all"
            set dstaddr6 "Blocklist"
            set schedule "always"
            set service "ALL"
            set logtraffic all
        next
    end

 

If the threat feed does not connect, verify that the FortiGate has a route toward the server and collect the output below. Use two CLI sessions: enable the forticron debug in the second session first, then trigger the route lookup and ping from the first session so the debug output captures the fetch attempt.

 

CLI session 1 (route check and reachability):

 

get router info6 routing details <server IP address> 

exec ping6 <server IP address>

 

CLI session 2 (debug output for the threat feed fetch):

 

diag debug reset

diag debug console timestamp enable

diag debug application forticron 0xf00

diag debug enable