luca1994
New Contributor III

Threat Feed question

Hello Team,

 

I have configured a threat feed with "update method" external feed.

I need to enable a connection coming from an IP that is inside the dynamic list. Is it possible to exclude this IP from the threat feed list?

 

Thanks for the support

BR

abarushka
Staff

Hello,

 

Could you please elaborate on what you are referring to by "dynamic list"?

luca1994
New Contributor III

Hello @abarushka ,

 

I mean that the URI of external resource field is configured with https://iplists.firehol.org/files/firehol_level1.netset

 

BR

fricci_FTNT
Staff

Hi @luca1994 ,

 

My understanding is that you have created a list of IPs and used it in the Threat Feed feature, and now you need to temporarily (or permanently) enable a connection coming from an IP that is part of the Threat list, is that correct?
In that case you can remove the IP from the IP list.

Alternatively you could create a firewall policy above the one that you use for the Threat feed dynamic list, to allow the traffic to/from the IP that you need (then disable it when you do not need it).


Threat feed doc link:

https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/891236/ip-address-threat-fee...

Best regards,

---
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
luca1994
New Contributor III

Hi @fricci_FTNT ,

 

Yes, that is correct. I need to permanently enable a connection coming from an IP that is part of the Threat list. How can I remove it from this list permanently? Is it possible?

 

BR

fricci_FTNT

Hi @luca1994,

If you have access to the server and the list, you can remove it directly from the file.

If you do not have access to the server, you can ask the people that manage the server to do that for you (if that is applicable).
If the above are not feasible, you can try the alternative method I proposed in my previous reply: "Alternatively you could create a firewall policy above the one that you use for the Threat feed dynamic list, to allow the traffic to/from the IP that you need (then disable it when you do not need it)."

I have no more options apart from the ones above. :)

Best regards,

---
If you have found a useful article or a solution, please like and accept it to make it easily accessible to others.
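
Removing an IP "directly from the file", as suggested in the answer above, is not always a one-line deletion: in a netset-style list the address may sit inside a CIDR block, which then has to be split. The sketch below is an added example, not code from the thread or from Fortinet; it assumes you work on a copy of the list that you host yourself, and the feed contents and the names `carve_out` and `is_listed` are constructed for illustration.

```python
import ipaddress

# Constructed sample in the netset style (comments, single IPs, CIDR blocks).
SAMPLE_FEED = """# constructed sample feed
198.51.100.0/30
203.0.113.9
192.0.2.0/24
"""

def _fmt(net):
    # Write hosts as bare addresses, the way the sample lists single IPs.
    return str(net.network_address) if net.prefixlen == net.max_prefixlen else str(net)

def is_listed(feed_text, ip):
    """True if ip is matched by any entry, literal or inside a CIDR block."""
    addr = ipaddress.ip_address(ip)
    for line in feed_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            if addr in ipaddress.ip_network(line, strict=False):
                return True
    return False

def carve_out(feed_text, exempt_ips):
    """Return the feed with every exempt address removed, splitting blocks as needed."""
    exempt = [ipaddress.ip_network(ip) for ip in exempt_ips]
    out = []
    for raw in feed_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            out.append(raw)  # keep comments and blank lines untouched
            continue
        nets = [ipaddress.ip_network(line, strict=False)]
        for ex in exempt:
            kept = []
            for net in nets:
                if net.version == ex.version and ex.subnet_of(net):
                    # address_exclude yields the sub-blocks of net that do not contain ex
                    kept.extend(net.address_exclude(ex))
                else:
                    kept.append(net)
            nets = kept
        out.extend(_fmt(n) for n in sorted(nets))
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(carve_out(SAMPLE_FEED, ["198.51.100.2", "203.0.113.9"]), end="")
```

Running `is_listed` on the filtered output for each exempt address confirms the carve-out before the copy is published; every other address from the original blocks stays listed.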