osoleimani
Staff
Article Id 275623
Description

 

This article describes the process of verifying the functionality of threat feed external connectors that are configured at both the global and VDOM levels.

 

Scope

 

FortiGate (Subsequent to FortiOS v7.0).

 

Solution

 

Following the introduction of a new feature in FortiOS version 7.0, once multi-VDOM mode is activated, the threat feed external connector can be configured either globally or within a specific VDOM.

Be aware that a threat feed external connector is restricted to use within the firewall policy of the specific VDOM in which it was created. Conversely, global threat feed external connectors are suitable for use in all VDOMs.

 

In the provided example, to validate the functionality of the threat feed within a Non-Management VDOM with direct internet access in a Multi-VDOM environment, the 'g-TESTTHREATFEED' threat feed external connector has been established at the global level.

Simultaneously, the 'Non_Mgmt_VDOM_TF' threat feed external connector has been configured within a Non-Management VDOM.

 

Furthermore, two outbound firewall policies in the Non-Management VDOM, one for each threat feed external connector, have been set with the 'Deny' action.
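The setup described above, written out as FortiOS CLI. This is an added example, not the article's own configuration or a transcription of its screenshots. Only the two connector names come from the article; the VDOM name, interface names, feed URLs and policy names are placeholders.

```fortios
# Added example. Placeholders (not from the article): VDOM "VDOM-A",
# interfaces "port2"/"port1", feed URLs, policy names.
# Global connector: can be referenced by firewall policies in every VDOM.
config global
    config system external-resource
        edit "g-TESTTHREATFEED"
            set type address
            set resource "https://feeds.example.com/global-ip-list.txt"
        next
    end
end
# VDOM-level connector: usable only inside the VDOM where it is created.
config vdom
    edit "VDOM-A"
        config system external-resource
            edit "Non_Mgmt_VDOM_TF"
                set type address
                set resource "https://feeds.example.com/vdom-ip-list.txt"
            next
        end
        # One outbound deny policy per connector, with logging enabled
        # so that matches appear in the forward traffic log.
        config firewall policy
            edit 0
                set name "Deny-Global-TF"
                set srcintf "port2"
                set dstintf "port1"
                set srcaddr "all"
                set dstaddr "g-TESTTHREATFEED"
                set schedule "always"
                set service "ALL"
                set action deny
                set logtraffic all
            next
            edit 0
                set name "Deny-VDOM-TF"
                set srcintf "port2"
                set dstintf "port1"
                set srcaddr "all"
                set dstaddr "Non_Mgmt_VDOM_TF"
                set schedule "always"
                set service "ALL"
                set action deny
                set logtraffic all
            next
        end
    next
end
```

Policies are evaluated top-down, so both deny policies must sit above any allow policy that would otherwise match the same outbound traffic.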

 

After accessing websites that resolve to IP addresses listed in those threat feed external connectors, the user encounters an error message in the browser, and forward traffic log entries are generated.