Description
This article describes how to fix the issue when the external connector threat feed status is in the 'Unavailable' connection status.
Scope
FortiGate.
Solution
For more info about Threat feeds, visit the below link:
In some cases, the external connector has the connection status immediately after creation.
Other symptoms of this behavior are:
- No packets while running a sniffer.
- Running the debug 'diag debug application forticron 448' returns only '# fcron_ext_handle_cmd_update()-427: command update 'test2''.
This behavior is caused by the external database update being disabled.
config system fortiguard
set update-extdb disable
Re-enabling this option restores communication between the firewall and the server that hosts the threat feed IP list.
If the issue persists, ensure that the firewall can reach the external feed server by testing network connectivity using 'execute ping'. If connectivity is confirmed but the problem remains, and both FortiCron Debug and Sniffer do not show any packets, restart the 'forticron' process using the below command:
fnsysctl killall forticron
Related documents:
Technical Tip: External threat list (threat feed) is not working (connector is showing down)
Troubleshooting Tip: External Connector-Threat Feeds support format
