FortiSIEM Discussions
tiago_rcxit
New Contributor

FortiSIEM Multi-Tenant – Consume Watchlist from Remote Site via Collector (FortiGate Threat Feed Int

Hello Fortinet team,

I’m working on an integration between FortiSIEM 7.4 (multi-tenant environment) and FortiGate Threat Feeds, and I’d like to request guidance on the best way to achieve the following setup.


Goal

Allow a FortiGate located at a remote site (which has no direct connectivity to the FortiSIEM Supervisor) to consume a watchlist feed (External Fabric Threats) through its local FortiSIEM Collector, using the Collector as a proxy or relay.

The FortiGate should authenticate using HTTP Basic Authentication, as documented (format: super/username), with the standard endpoint:

#https://<Supervisor_IP>:<port>/phoenix/rest/watchlist/ip?name=External%20Fabric%20Threats

Current Setup:

FortiSIEM 7.4, multi-tenant mode.

FortiGate firewalls at remote sites.

Collectors installed in each remote site (Collectors have connectivity to the Supervisor).

Supervisor is not directly reachable from the FortiGates for security reasons.

Stephen_G
Moderator

Hi tiago_rcxit,

Thanks for using our forum! I've moved your post to the dedicated FortiSIEM discussion forum.

If anybody has an answer or insights, feel free to offer them.

Stephen - Fortinet Community Team