Hello Team,
i have configured threat feed with "update method" external feed.
I need to enable a connection coming from an ip that is inside the dynamic list. Is it possible to exclude this ip from the threat feed list?
Thanks for the support
BR
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @luca1994,
if you have access to the server and the list you can remove it directly from the file.
If you do not have access to the server you can ask the people that manage the server to do that for you (if that is applicable).
If the above are not feasible you can try the alternative method I proposed in my previous reply: "Alternatively you could create a firewall policy above the one that you use for the Threat feed dynamic list, to allow the traffic to/from the IP that you need (then disable it when you do not need it)."
I have not more options apart from the ones above. :)
Best regards,
Hello,
Could you please elaborate what you are referring to by "dynamic list"?
Hello @abarushka ,
I mean that the URI of external resource field is configured with https://iplists.firehol.org/files/firehol_level1.netset
BR
Hi @luca1994 ,
My understanding is that you have created a list of IPs and used it in the Theat Feed feature and
now you need to temporary (or permanently) enable a connection coming from an IP that is part of the Threat list, is that correct?
In that case you can remove the IP from the IP list.
Alternatively you could create a firewall policy above the one that you use for the Threat feed dynamic list, to allow the traffic to/from the IP that you need (then disable it when you do not need it).
Threat feed doc link:
https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/891236/ip-address-threat-fee...
Best regards,
Hi @fricci_FTNT ,
yes, is correct. I need to permanently enable a connection coming from an IP that is part of the Treat list. How can remove it from this list permanently? Is possible?
BR
Hi @luca1994,
if you have access to the server and the list you can remove it directly from the file.
If you do not have access to the server you can ask the people that manage the server to do that for you (if that is applicable).
If the above are not feasible you can try the alternative method I proposed in my previous reply: "Alternatively you could create a firewall policy above the one that you use for the Threat feed dynamic list, to allow the traffic to/from the IP that you need (then disable it when you do not need it)."
I have not more options apart from the ones above. :)
Best regards,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.