Description
This article describes how to create a threat feed connector from FortiManager in the Global VDOM in FortiGate.
Scope
FortiManager 7.0.10 and above, FortiGate with VDOMs enabled.
Solution
Using Threat Feeds in FortiGate's Multi-VDOM Mode.
When turning on multi-VDOM mode in FortiGate, it is possible to set up threat feeds either globally or for specific VDOMs. Global threat feeds work everywhere but cannot be changed within each specific VDOM.
In FortiManager, threat feeds are in the Policy & Objects section. When creating a threat feed in FortiManager, it will be pushed to FortiGate when installing the Policy Package to the specified VDOM.
Any threat feed starting with 'g-' will be a global threat feed and can be utilized across various VDOMs on FortiGate. It is not tied to specific VDOM/policy and even if all policies using global threat feed are removed, threat feed will still be available under Global VDOM).
To Create the Threat Feed in FortiManager:
Log in to FortiManager -> choose Fabric View Pane -> Connectors -> Create New -> Scroll down to threat feeds.
The name should start with a g-:
After being created, use it in a policy (any VDOM):
After the policy was pushed to the root VDOM, the threat feed was created in Global and Root VDOMs:
