Created on
09-29-2022
09:29 PM
Edited on
06-10-2025
10:25 PM
By
Anthony_E
Description | This article explains how to use external resources, which consist of plaintext URLs or IP addresses,s to filter the traffic using a DNS filter. |
Scope | Filter the DNS traffic using the external resources on a remote HTTP server. |
Solution |
FortiGate periodically connects to the remote HTTP server to retrieve the latest URL list.
Expectations, Requirements.External Resources need to meet the following requirements:
Configuration.
config system external-resource
Note. FortiGate connects to the remote HTTP server every 2 minutes (set refresh-rate 2).
config dnsfilter profile
FGT # fnsysctl ls -l /var/log/external/ -rw-r--r-- 1 0 0 Mon Apr 25 04:15:19 2022 15762 ext-root.External-resource-files Here is the HA log massage where the units are out of syn due "external-files" when FGT connect to the HTTP or HTTPS server to get the latest URL list: date=2022-04-25 time=04:15:41 id=7090343938808087133 itime="2022-04-25 04:15:43" euid=3 epid=3 dsteuid=3 dstepid=3 logver=700020234 logid=0108037903 type="event" subtype="ha" level="information" msg="The sync status with the primary" logdesc="Synchronization status with primary" sync_type="external-files" sync_status="out-of-sync" eventtime=1650849342264133363 tz="+0300" devid="FG1K5DT365987569" vd="root" dtime="2022-04-25 04:15:41" itime_t=1650849343 devname="FW1"
Technical Tip: The external resource contains more entries than is supported |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.