nevan
Staff
Article Id 332808
Description This article describes how the outgoing interface is selected for external resources, both in a single-VDOM setup and in a multi-VDOM environment, for management and non-management VDOMs.
Scope FortiOS, FortiGate.
Solution

External resources on a FortiGate firewall are lists or databases, such as IP address lists, URL lists, or a threat intelligence feed, that can be referenced in firewall policies or other filtering features.

These resources are hosted on an external server, where the database is updated and then synced to FortiOS. Keeping them up to date helps protect users from security risks and vulnerabilities.

The server hosting the resource can be reached directly from the firewall or remotely. To reach it, routing or an explicit outgoing interface may be required. The interface is chosen through the interface selection method, which is 'auto' by default. If SD-WAN or a specific interface must be used, it can be selected from the list.

[Screenshot: ext-res.PNG]
When selecting the interface in the 'external-resource' configuration, the default interface selection method 'auto' must first be changed to 'specify'. Only after 'specify' is set can a specific interface be chosen.

[Screenshot: ext-res1.PNG]
In a multi-VDOM environment there are limitations on which outgoing interface can be selected. If the external resource is configured in the global or management VDOM, only interfaces belonging to the management VDOM can be used. If it is configured in a non-management VDOM, only the interfaces of that VDOM appear in the list.

Example:


config system external-resource
    edit "1"
        set interface-select-method specify
        set interface "port1" <--  It should only show interfaces belonging to the VDOM where it is configured or management VDOM interfaces for global external resources.
    next
end
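As an added check, not part of the article or of FortiOS itself: this Python script parses a FortiOS CLI fragment and flags 'specify' entries whose interface is owned by a VDOM other than the one the entry lives in (the management VDOM for a global entry). The sample configuration, the interface ownership map and the VDOM names are constructed assumptions.

```python
# Constructed sample (not from the article): global entry "1" and customerA entry "2" both name port1.
SAMPLE_CONFIG = """
config system external-resource
    edit "1"
        set interface-select-method specify
        set interface "port1"
    next
end
config vdom
edit customerA
config system external-resource
    edit "2"
        set interface-select-method specify
        set interface "port1"
    next
end
next
end
"""
INTERFACE_VDOM = {"port1": "root", "port3": "customerA"}   # assumed 'set vdom' ownership

def parse_external_resources(text):
    """One dict per external-resource entry with its 'set' keys; vdom None means global."""
    stack, vdom, out = [], None, []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        word, _, rest = line.partition(" ")
        if word == "config":
            stack.append(rest)
        elif word == "edit":
            stack.append("edit")
            if stack[-2] == "vdom":
                vdom = rest.strip('"')
            elif stack[-2] == "system external-resource":
                out.append({"vdom": vdom, "id": rest.strip('"'), "interface-select-method": "auto"})
        elif word == "set" and len(stack) > 1 and stack[-2] == "system external-resource":
            key, _, value = rest.partition(" ")
            out[-1][key] = value.strip('"')
        elif word in ("next", "end"):       # close the innermost frame
            stack.pop()
            if word == "next" and stack and stack[-1] == "vdom":
                vdom = None
    return out

def check_interface_scope(resources, interface_vdom, mgmt_vdom="root"):
    """Flag 'specify' entries whose interface is outside the entry's own VDOM (management VDOM for global)."""
    findings = []
    for r in (r for r in resources if r["interface-select-method"] == "specify"):
        allowed, owner = r["vdom"] or mgmt_vdom, interface_vdom.get(r.get("interface"))
        if owner != allowed:
            findings.append(f"{r['id']} in {r['vdom'] or 'global'}: {r.get('interface')} owned by {owner}, expected {allowed}")
    return findings
```

Run against a CLI backup, a non-empty findings list is the case the article says FortiOS should prevent in the interface picker.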


If the interfaces are not shown under the external resource configuration as described above, the issue should be reported to the Fortinet Technical Assistance Center.

Related Articles:
Technical Tip: How to use an external resource on a remote HTTP or HTTPS server to block the user tr...
Technical Tip: IOC as External resource to restrict random user login in SSL VPN