anoushiravan
Staff
Article Id 225335
Description: This article explains how to use an external resource, a plaintext list of URLs or IP addresses hosted on a remote server, to filter traffic with the DNS filter.
Scope: Filtering DNS traffic using an external resource hosted on a remote HTTP server.
Solution

FortiGate periodically connects to the remote HTTP server to retrieve the latest URL list.


Expectations, Requirements.


External Resources need to meet the following requirements:

- The external resource file is a plaintext file with one entry (URL or IP address) per line.
- Each line can be an IP address or a subnet.
- The file size is limited to 10 MB.
- The maximum number of lines is 128K (128 x 1024 entries).
- The line length limit is 4K characters.
- The number of entries is also subject to the table size limit defined by the CMDB for each model.
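The file hosted on the HTTP server can be checked against these limits before FortiGate fetches it. The following Python script is an added example, not Fortinet code; it assumes the resource is of type address (one IP address or subnet per line), that blank lines are ignored, and it uses constructed sample entries.

```python
import ipaddress

# Limits stated above for a FortiGate external resource file.
MAX_BYTES = 10 * 1024 * 1024      # 10 MB file size
MAX_LINES = 128 * 1024            # 128K entries
MAX_LINE_CHARS = 4 * 1024         # 4K characters per line


def validate_address_list(text: str) -> dict:
    """Check a plaintext external resource of type 'address'.

    Every non-empty line must be a single IPv4/IPv6 address or subnet.
    Returns the accepted entries (normalised to CIDR form) and a list of
    per-line problems, so the file can be fixed before it is published.
    """
    problems = []
    entries = []
    data = text.encode("utf-8")
    if len(data) > MAX_BYTES:
        problems.append(f"file is {len(data)} bytes, limit is {MAX_BYTES}")
    lines = text.splitlines()
    if len(lines) > MAX_LINES:
        problems.append(f"{len(lines)} lines, limit is {MAX_LINES}")
    for lineno, raw in enumerate(lines, start=1):
        if len(raw) > MAX_LINE_CHARS:
            problems.append(f"line {lineno}: longer than {MAX_LINE_CHARS} characters")
            continue
        line = raw.strip()
        if not line:
            continue  # assumption: blank lines are ignored
        try:
            # strict=False accepts host bits set (e.g. 192.0.2.10/24) and
            # normalises the entry to its network address.
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            problems.append(f"line {lineno}: not an IP address or subnet: {line!r}")
            continue
        entries.append(str(net))
    return {"entries": entries, "problems": problems, "ok": not problems}


# Constructed sample file: three valid lines, one subnet with host bits,
# one hostname (not allowed for type address) and one blank line.
SAMPLE = "10.104.3.0/24\n2001:db8::1\n192.0.2.10/24\nexample.com\n\n198.51.100.7\n"

if __name__ == "__main__":
    result = validate_address_list(SAMPLE)
    print("accepted:", result["entries"])
    print("problems:", result["problems"])
```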


Configuration.


- Configure the external resource from the CLI:


# config system external-resource
    edit "External-resource-files"
        set type address
        set resource "http://10.104.3.130/resources/urls"
        set refresh-rate 2
    next
end


Note.

FortiGate connects to the remote HTTP server every 2 minutes (set refresh-rate 2; the value is in minutes).

- Enable the external resource in the DNS Filter profile:


# config dnsfilter profile
    edit "default"
        set external-ip-blocklist "External-resource-files"
    next
end


Verification.


In an HA cluster, open an SSH session (for example with PuTTY) to both the primary and the secondary unit and run the following command on each:


FGT # fnsysctl ls -l /var/log/external/

-rw-r--r-- 1 0 0 Mon Apr 25 04:15:19 2022 15762 ext-root.External-resource-files
-rw-r--r-- 1 0 0 Mon Apr 25 04:15:19 2022 33 ext-root.External-resource-files.csum
-rw-r--r-- 1 0 0 Mon Apr 25 04:15:19 2022 35 ext-root.External-resource-files.etag

Here is the HA log message reporting the units as out of sync for "external-files" while the FortiGate is fetching the latest URL list from the HTTP or HTTPS server:

date=2022-04-25 time=04:15:41 id=7090343938808087133 itime="2022-04-25 04:15:43" euid=3 epid=3 dsteuid=3 dstepid=3 logver=700020234 logid=0108037903 type="event" subtype="ha" level="information" msg="The sync status with the primary" logdesc="Synchronization status with primary" sync_type="external-files" sync_status="out-of-sync" eventtime=1650849342264133363 tz="+0300" devid="FG1K5DT365987569" vd="root" dtime="2022-04-25 04:15:41" itime_t=1650849343 devname="FW1"


Related article:
https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/790156/external-resources-for-web-filter