FortiGate
kcheng
Staff & Editor
Article Id 219246
Description

This article illustrates FortiGate behavior on the threat feed list when the connection between FortiGate and the threat feed list URL fails.

Scope

FortiGate v6.2.x and above.
Solution
  1. To configure the threat feed list, refer to the following document:

Threat feeds

  2. When the connection from FortiGate to the respective URL is successful, the number of entries can be viewed in the GUI.

  3. However, if the connection to the threat feed URL fails, the entries show 'Resource file not found', and an empty list is displayed when 'View Entries' is selected.

  4. Although the GUI does not show any entries, this does not mean that FortiGate no longer holds the entries of the threat feed list.

     

This can be verified via the following command in the CLI:

 

diagnose sys external-address-resource list

diagnose sys external-address-resource list <Connector_Name>

 


 

The list is still stored in the resource list, even though the GUI shows no results.

The reason is that the GUI displays the result of a live query, while the stored records can only be checked in the CLI.

 

If FortiGate has an issue obtaining the threat feed list from the source, the stored list will be cleared when FortiGate is rebooted.


Note: If an entry such as 0.0.0.1 - 31.255.255.254 is present (e.g., 31.244.244.233/2), it represents a very large subnet.

IP Address: 31.13.131.13
Network Address: 0.0.0.0
Usable Host IP Range: 0.0.0.1 - 31.255.255.254
Broadcast Address: 31.255.255.255


Before adding any IP address to a policy or object group, ensure the subnet is accurate. Using an overly broad subnet (like /2) can unintentionally include many unrelated IPs, leading to network-wide access blocks or outages.
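
One way to run this subnet check over a feed before it is referenced in a policy, as an added example that is not part of the original article or any Fortinet tooling. The feed format (one IPv4 address, CIDR prefix or start-end range per line, with `#` comments), the sample entries and the 65,536-address threshold are assumptions.

```python
import ipaddress

# Constructed sample feed: the entries from the note above plus filler values.
SAMPLE_FEED = [
    "# constructed sample, not a real feed",
    "31.13.131.13",
    "31.244.244.233/2",
    "0.0.0.1 - 31.255.255.254",
    "198.51.100.0/24",
    "203.0.113.999",
]

# Assumption: local policy threshold, not a FortiGate setting (65536 = one /16).
MAX_ADDRESSES = 2 ** 16


def span(entry):
    """Return (first, last) IPv4 addresses actually covered by one feed entry."""
    if "-" in entry:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in entry.split("-", 1))
        if first > last:
            raise ValueError("range start is above range end")
        return first, last
    # strict=False masks off host bits the way a prefix match does:
    # 31.244.244.233/2 becomes 0.0.0.0/2 (0.0.0.0 - 63.255.255.255), while
    # 0.0.0.0 - 31.255.255.255 is what a /3 on a 31.x address covers.
    net = ipaddress.IPv4Network(entry, strict=False)
    return net.network_address, net.broadcast_address


def audit_feed(lines, max_addresses=MAX_ADDRESSES):
    """Return (line_number, entry, reason) for entries to review before use."""
    findings = []
    for lineno, raw in enumerate(lines, 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            first, last = span(entry)
        except ValueError as exc:
            findings.append((lineno, entry, f"unparseable: {exc}"))
            continue
        count = int(last) - int(first) + 1
        if count > max_addresses:
            findings.append((lineno, entry, f"too broad: {first} - {last} ({count} addresses)"))
    return findings


if __name__ == "__main__":
    for finding in audit_feed(SAMPLE_FEED):
        print(*finding, sep=" | ")
```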