Description |
This article illustrates FortiGate behavior on threat feed list when the connection between FortiGate and the threat feed list URL failed. |
Scope | FortiGate 6.2.x and above. |
Solution |
1) To configure threat feed list, refer to the following document: https://docs.fortinet.com/document/fortigate/6.2.0/cookbook/9463/threat-feed
2) When the connection from FortiGate to the respective URL is successful, user will be able to view the number of entries via GUI:
3) However, if the connection to the threat feed URL fails, the entries would show 'Resource file not found' an empty list will be visible when 'View Entries' is selected.
4) Despite that the GUI is not showing any entry, that does not means that FortiGate do not contain the list of the threat feed list.
This can be verified via the following command in the CLI:
# diag sys external-address-resource list # diag sys external-address-resource list <Connector_Name>
The list is still stored in the resource list despite the GUI is showing that there is No result. The reason is that the GUI is the result of the live query, but the records can only be checked in the CLI.
If the FortiGate has an issue obtaining the threat feed list from the source, the list will be cleared if FortiGate is being rebooted. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.