FortiGate
ojacinto
Staff
Article Id 328126
Description

This article describes how to troubleshoot the 'Threat feed update failed' error when the feed list is configured.

Scope

FortiGate v7.2.0 and later, v7.4.0 and later.
Solution

After the 'Threat feed' is configured according to the link:

Threat feeds 

 

If the connection to the URL fails, the error is shown in the GUI.

 

To validate the connection from the CLI, run the following debug commands:

 

diagnose debug application forticron -1

diagnose debug console timestamp enable

diagnose debug enable

 

Next, trigger a threat feed refresh with one of the following commands:

 

diagnose test application forticron 8 <----- Reload external resource.

execute update-external-resource <threat-feed name> <----- Only the requested threat-feed will be updated.

 

After executing one of the above commands, forticron debug will show the following messages:

 

2024-07-24 12:35:50 2674-init-as: fd=-1 name='ext-053825ae-4937-51ef-6016-f8976124c21a' feed_name='ext-root.IOC-SISAP' http_1=0 loc=0 state=send.body info=0-None chunk=0 content-0=0 etag=0 csum=0 done=0 closed=0

    sync-0(len=0 note=0 err=0) buf-1(sz=8192 data=0 free=8192 pos=0 end=0 max=134217728)

2024-07-24 12:35:50 http_request_make()-2155: HTTP request: http

 

GET /IoC/ExternalThreats/threats.txt HTTP/1.1

Host: 192.168.13.21

User-Agent: curl/7.58.0

Accept: */*

Connection: close

 

2024-07-24 12:35:50 http_request_make()-2190: fcron_get_addr(192.168.13.21)

2024-07-24 12:35:50 __http_resolv_cb()-1970: fos_epoll_add(22)

2024-07-24 12:35:50 __update_ext()-248: Updating EXT 'IOC-SISAP' with HTTP

2024-07-24 12:35:50 fcron_timer_func()-32: Timer ext_upd done

2024-07-24 12:35:50 fcron_epoll_before_handle()-264: BEFORE WRITE fd 22 handle event 0x04 write 0xd907d0 epoll events 0x04

2024-07-24 12:35:50 __http_connect()-1865: tcps_connect(192.168.13.21) is established.

2024-07-24 12:35:50 fcron_epoll_after_handle()-280: AFTER WRITE ret 0

2024-07-24 12:35:50 fcron_epoll_before_handle()-260: BEFORE READ fd 22 handle event 0x01 read 0xd906a0 epoll events 0x01

2024-07-24 12:35:50 __http_recv()-1795: Server [192.168.13.21:80]: read=428 data=428 free=7764

2024-07-24 12:35:50 2674-Loop-handle: fd=22 name='ext-053825ae-4937-51ef-6016-f8976124c21a' feed_name='ext-root.IOC-SISAP' http_1=1 loc=0 state=recv.header info=0-None chunk=0 content-0=0 etag=0 csum=0 done=0 closed=0

    sync-0(len=0 note=0 err=0) buf-1(sz=8192 data=428 free=7764 pos=0 end=428 max=134217728)

2024-07-24 12:35:50 2674-__http_recv_handle_header: fd=22 name='ext-053825ae-4937-51ef-6016-f8976124c21a' feed_name='ext-root.IOC-SISAP' http_1=1 loc=0 state=recv.header info=0-None chunk=0 content-0=0 etag=0 csum=0 done=0 closed=0

    sync-0(len=0 note=0 err=0) buf-1(sz=8192 data=428 free=7764 pos=0 end=428 max=134217728)

2024-07-24 12:35:50 __http_recv_handle_header()-1419:

 

HTTP/1.1 404 Not Found

Date: Wed, 24 Jul 2024 18:35:50 GMT

Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips

Content-Length: 229

Connection: close

Content-Type: text/html; charset=iso-8859-1

 

2024-07-24 12:35:50 __http_recv_handle_header()-1435: response code is 404

2024-07-24 12:35:50 __http_recv_handle_header()-1450: Try with HTTP 1.0

2024-07-24 12:35:50 __set_next_retry_time()-225: Next update for ext 'IOC-SISAP' fires in 0 seconds

2024-07-24 12:35:50 ext_update_result()-339: HTTP result=4: __http_recv_handle_header() Try again with HTTP 1.0

2024-07-24 12:35:50 2674-__http_stop: fd=22 name='ext-053825ae-4937-51ef-6016-f8976124c21a' feed_name='ext-root.IOC-SISAP' http_0=1 loc=0 state=recv.body info=0-Resource not found chunk=0 content-0=0 etag=0 csum=0 done=0 closed=0

    sync-0(len=0 note=0 err=0) buf-1(sz=8192 data=428 free=7764 pos=0 end=428 max=134217728)

2024-07-24 12:35:50 __http_stop()-734: Close http connect: response code not Accept

 

After the TCP three-way handshake with the web server 192.168.13.21 completes, the FortiGate (acting as the HTTP client) sends an HTTP GET to retrieve the threat feed from the configured URL.

The web server responds with HTTP error code 404, which means that the server could not find the URL requested by the client.

 

When the connection is successful, after the HTTP GET request, the server will respond with the HTTP 200 OK:

 

HTTP/1.1 200 OK

Date: Thu, 25 Jul 2024 19:53:46 GMT

Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips

Last-Modified: Thu, 25 Jul 2024 19:51:48 GMT

ETag: "8c-61e17b9b2678e"

Accept-Ranges: bytes

Content-Length: 140

Connection: close

Content-Type: text/plain; charset=UTF-8

 

FortiGate will then update the threat feed list:

 

2674-Remove-header: fd=22 name='ext-053825ae-4937-51ef-6016-f8976124c21a' feed_name='ext-root.IOC-SISAP' http_1=1 loc=0 state=recv.body info=0-None chunk=0 content-1=140 etag=0 csum=0 done=0 closed=0

    sync-0(len=0 note=0 err=0) buf-1(sz=8192 data=140 free=8052 pos=0 end=140 max=134217728)

2674-__http_recv_handle_body: fd=22 name='ext-053825ae-4937-51ef-6016-f8976124c21a' feed_name='ext-root.IOC-SISAP' http_1=1 loc=0 state=recv.body info=0-None chunk=0 content-1=140 etag=0 csum=0 done=0 closed=0

    sync-0(len=0 note=0 err=0) buf-1(sz=8192 data=140 free=8052 pos=0 end=140 max=134217728)

2674-__http_recv_handle_body_done: fd=22 name='ext-053825ae-4937-51ef-6016-f8976124c21a' feed_name='ext-root.IOC-SISAP' http_1=1 loc=0 state=recv.body_done info=0-None chunk=0 content-1=140 etag=0 csum=0 done=0 closed=0

    sync-1(len=140 note=0 err=0) buf-1(sz=8192 data=0 free=8192 pos=0 end=0 max=134217728)

load_ext_ip_line()-2127: invalid ip range 34.25.871  <---

ext_entry_count_write()-349: 053825ae-4937-51ef-6016-f8976124c21a: wrote 12 entries to file  <---

 

ext_csum_write()-893: ext-053825ae-4937-51ef-6016-f8976124c21a: csum='c0097e05f5ba5bf670f987c983f2a0c7'

ext_update_result()-339: HTTP result=0: Succ

ext_http_etag_write()-829: ext-053825ae-4937-51ef-6016-f8976124c21a: etag='"8c-61e17b9b2678e"'

ext_file_sync()-1250: update done: tag=1

2674-before-init: fd=22 name='ext-053825ae-4937-51ef-6016-f8976124c21a' feed_name='ext-root.IOC-SISAP' http_1=1 loc=0 state=recv.body_done info=1-Succ chunk=0 content-1=140 etag=0 csum=0 done=1 closed=0

 

This status is shown in the FortiGate GUI.
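To triage a captured debug session without reading every line, the added Python example below (not Fortinet code) extracts the feed name, HTTP status, update result, written entry count and rejected entries from forticron output. The function name summarize and the verdict strings are assumptions of this example, the regular expressions are derived only from the debug lines shown above, and the input is assumed to hold a single update attempt.

```python
import re

# Patterns match the forticron debug lines shown in this article.
PATTERNS = {
    "feed": re.compile(r"feed_name='([^']+)'"),
    "status": re.compile(r"response code is (\d{3})|^HTTP/\d\.\d (\d{3})"),
    "result": re.compile(r"ext_update_result\(\)-\d+: HTTP result=(\d+): (.*)"),
    "written": re.compile(r"wrote (\d+) entries to file"),
    "rejected": re.compile(r"load_ext_ip_line\(\)-\d+: invalid ip range (\S+)"),
}

def summarize(debug_text):
    """Summarize one threat feed update attempt from forticron debug output."""
    s = {"feed": None, "http_status": None, "result_code": None, "result_msg": None,
         "entries_written": None, "rejected": [], "verdict": "failed"}
    for line in map(str.strip, debug_text.splitlines()):
        if m := PATTERNS["feed"].search(line):
            s["feed"] = m.group(1)
        if m := PATTERNS["status"].search(line):
            s["http_status"] = int(m.group(1) or m.group(2))
        if m := PATTERNS["result"].search(line):
            s["result_code"], s["result_msg"] = int(m.group(1)), m.group(2).strip()
        if m := PATTERNS["written"].search(line):
            s["entries_written"] = int(m.group(1))
        if m := PATTERNS["rejected"].search(line):
            s["rejected"].append(m.group(1))
    if s["result_code"] == 0:
        s["verdict"] = "updated, some entries rejected" if s["rejected"] else "updated"
    elif s["http_status"] == 404:
        s["verdict"] = "failed: HTTP 404, check the feed URL path on the server"
    return s

# Lines trimmed from the two debug sessions above, embedded to run offline.
FAILED = """\
2024-07-24 12:35:50 2674-Loop-handle: fd=22 feed_name='ext-root.IOC-SISAP' state=recv.header
HTTP/1.1 404 Not Found
2024-07-24 12:35:50 __http_recv_handle_header()-1435: response code is 404
2024-07-24 12:35:50 ext_update_result()-339: HTTP result=4: __http_recv_handle_header() Try again with HTTP 1.0
"""
SUCCEEDED = """\
2674-__http_recv_handle_body_done: fd=22 feed_name='ext-root.IOC-SISAP' state=recv.body_done
load_ext_ip_line()-2127: invalid ip range 34.25.871
ext_entry_count_write()-349: 053825ae-4937-51ef-6016-f8976124c21a: wrote 12 entries to file
ext_update_result()-339: HTTP result=0: Succ
"""

if __name__ == "__main__":
    for name, text in (("failed", FAILED), ("succeeded", SUCCEEDED)):
        print(name, summarize(text))
```

A successful update can still drop malformed entries, so the rejected list is worth reviewing even when the result is 0.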

 

 

 
