mpftnt
Staff
Article Id 337712
Description: This article describes how to fix the issue where the external connector threat feed connection status shows 'Not Start'.
Scope: FortiGate, FortiOS.
Solution

In some cases, the external connector connection status shows 'Not Start' in the GUI after creation.

CLI:

FGT # show full system external-resource
config system external-resource
    edit "Test"
        set status enable
        set type address
        set username ''
        set password ENC XXX
        set comments ''
        set resource "http://xxx.xxx.org/xxx/bad_ip.txt"
        set user-agent ''
        set server-identity-check none
        set refresh-rate 5
        set source-ip 0.0.0.0
        set interface-select-method auto
    next
end

Run the following commands on the FortiGate to debug the connection status.

In v7.0:

diag debug app forticron 960
diag debug console timestamp enable
diag debug enable

In v7.2:

diag debug app forticron 0xf00
diag debug console timestamp enable
diag debug enable

The debug output shows the HTTP request that the FortiGate sends to the feed server:

GET /noda/bad_ip.txt HTTP/1.1
Host: xxx.xxx.org
User-Agent: curl/7.58.0
Accept: */*
Connection: close

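By default, the user-agent is set to 'curl/7.58.0'. If the server hosting the feed rejects requests that carry this user-agent, the FortiGate cannot download the list and the status stays 'Not Start'.

To fix the connection status issue, change the user-agent to Mozilla/5.0: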

config system external-resource
    edit "Test"
        set user-agent "Mozilla/5.0"
    next
end

After the change, select the 'Refresh' button to update the status.
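
To confirm from a workstation that the feed host treats the two user-agent strings differently, the following added Python example (not part of the original article and not Fortinet code) requests a URL once per string and reports the HTTP status and number of feed entries. The local server, its 403 response and the feed contents are constructed stand-ins so the script runs offline; the function and class names are hypothetical.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

DEFAULT_UA = "curl/7.58.0"  # FortiGate default user-agent, per the article
FIXED_UA = "Mozilla/5.0"    # value set by the article's fix

def probe_user_agents(url, agents=(DEFAULT_UA, FIXED_UA), timeout=10):
    """Fetch url once per User-Agent; return {agent: (http_status, entry_count)}."""
    results = {}
    for agent in agents:
        req = urllib.request.Request(url, headers={"User-Agent": agent, "Accept": "*/*"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                lines = resp.read().decode("utf-8", "replace").splitlines()
                entries = [l for l in lines if l.strip() and not l.startswith("#")]
                results[agent] = (resp.status, len(entries))
        except urllib.error.HTTPError as err:     # server answered with 4xx/5xx
            results[agent] = (err.code, 0)
        except (urllib.error.URLError, OSError):  # no HTTP answer at all
            results[agent] = (None, 0)
    return results

class ConstructedFeed(BaseHTTPRequestHandler):
    """Constructed stand-in for a feed host that refuses curl-style clients."""
    def do_GET(self):
        if self.headers.get("User-Agent", "").lower().startswith("curl/"):
            self.send_error(403)
            return
        body = b"# constructed sample feed\n192.0.2.10\n198.51.100.0/24\n"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # silence per-request logging
        pass

def start_constructed_feed():
    """Serve ConstructedFeed on a free loopback port; return (server, url)."""
    server = HTTPServer(("127.0.0.1", 0), ConstructedFeed)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/bad_ip.txt"

if __name__ == "__main__":
    srv, feed_url = start_constructed_feed()  # use the real feed URL instead
    for ua, (status, count) in probe_user_agents(feed_url).items():
        print(f"{ua:<12} status={status} entries={count}")
```

A differing status between the two rows indicates that the feed host filters on User-Agent, which is the condition the user-agent change addresses.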

Related documents:

Threat feeds

Technical Tip: External threat list (threat feed) is not working (connector is showing down)