FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Kraven2323
Staff
Article Id 210402
Description

This article describes how, from FortiOS 6.2 onwards, an external block list (threat feed) can be used in a firewall policy.

One of the supported categories is the Domain Name threat feed.

Solution

It is possible to configure the Domain Name threat feed using the following navigation:

Security Fabric -> External Connectors, select 'Create New' -> Threat Feeds -> Domain Name.


The Domain Name feed contains one domain per line. Simple wildcards are supported.

It is available as a Remote Category in DNS Filter profiles.

Example:

mail.*.example.com
*-special.example.com
www.*example.com
example.com
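To show how entries like the ones above are interpreted, here is an added Python example (not part of the article or of FortiGate's own code) that parses such a feed and checks queried names against it. Treating `*` as any run of characters, matching against the whole name, and skipping blank and `#` comment lines are assumptions, since the article only states one domain per line with simple wildcards.

```python
import re

# Constructed sample feed using the entries shown in the article.
FEED = """\
# constructed sample: one domain per line, simple wildcards
mail.*.example.com
*-special.example.com
www.*example.com
example.com
"""


def parse_feed(text):
    """Return the feed entries, lower-cased, one per line.

    Skipping blank lines and '#' comments is an assumption about the
    format; the article only states one domain per line.
    """
    entries = []
    for line in text.splitlines():
        line = line.strip().lower()
        if not line or line.startswith("#"):
            continue
        entries.append(line)
    return entries


def pattern_to_regex(entry):
    """Turn a feed entry into an anchored regex.

    '*' stands for any run of characters; everything else is literal.
    Anchoring to the whole name (so a bare 'example.com' does not cover
    its subdomains) is an assumption about how the feed is matched.
    """
    parts = [re.escape(part) for part in entry.split("*")]
    return re.compile("^" + ".*".join(parts) + "$")


def first_match(domain, entries):
    """Return the first feed entry matching the queried name, or None."""
    name = domain.strip().lower().rstrip(".")  # drop FQDN trailing dot
    for entry in entries:
        if pattern_to_regex(entry).match(name):
            return entry
    return None


if __name__ == "__main__":
    feed = parse_feed(FEED)
    for query in ("mail.eu.example.com", "sub.example.com", "example.com."):
        print(query, "->", first_match(query, feed))
```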


The Domain Name threat feed can only be applied to the DNS filter profile.


Note:

  • If using a local DNS server, apply the DNS filter to the firewall policy that carries that local DNS server's traffic.
  • To test and verify whether the threat feed is working, set the primary DNS to 8.8.8.8 and leave the secondary DNS blank, so that DNS traffic does not go to the local DNS server.


Related document:

External resources for DNS filter