Fortinet Fortigate Threat Feed Connector

Source: Fortinet

Threat Feed Connectors

This feature introduces the ability to dynamically import external block list text files from an HTTP server. The text files can contain IP addresses and domain names. These dynamic block lists are called "Threat Feeds". You can block access to the addresses in the text files by adding one or more threat feeds to:

  • DNS Filter profiles (using Domain Name and IP Address threat feeds)
  • Web Filter profiles and SSL inspection exemptions (using FortiGuard Category threat feeds)
  • Proxy policies (using IP Address threat feeds)
  • AntiVirus profiles (using Malware Hash threat feeds)

FortiOS keeps threat feeds up to date by dynamically re-downloading them from the HTTP server according to the refresh rate.

Threat Feeds can be configured under Security Fabric > Fabric Connectors by creating new Threat Feeds.

The New Fabric Connector edit page provides the following fields:

  • Name – The name you want to assign to the feed. The usage of the name in the interface depends on the category of threat feed you select:
      • Domain Name – The Name will appear as a "Remote Category" in DNS Filter profiles.
      • FortiGuard Category – The Name will appear as a "Remote Category" in Web Filter profiles and SSL inspection exemptions.
      • IP Address – The Name will appear as an "External IP Block List" in DNS Filter profiles and as a "Source/Destination" in IPv4, IPv6, and Proxy policies.
      • Malware Hash – The Name will be automatically used for Virus Outbreak Prevention on AntiVirus Profiles where "External Malware Block List" is enabled.
  • URI of external resource – The link to an external resource file. The file should be a plain text file with one domain per line; simple wildcards are supported.
  • HTTP basic authentication – The username and password for external authentication on the threat feed's URI. This can be disabled if the feed does not require authentication.
  • Refresh Rate – The time interval to refresh the external resource (1 – 43200 minutes).
  • The file can be up to 10 MB or 128,000 lines of text, whichever is most restrictive.

The domain resource is a text file that contains one domain name per line and supports simple wildcards. For example:

mail.*.or.th
*-special.de.vu
http://www.*de.vu
610-pawn.com
aaliyah-hq-gallery.de.vu
abcgolocal.com

The address resource is a text file that contains one IP address or IP range per line (note that only IPv4 is supported in DNS profiles, so IPv6 addresses will be ignored). For example:

1.1.1.1
10.0.0.70
2.1.1.1
100.0.0.1-100.0.0.100
10.0.0.99-10.0.0.201
1.2.2.2/24
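
A pre-publication check for an address threat feed, as an added example (not Fortinet's code and not part of the original page): it parses single IPs, ranges and CIDR entries in the formats shown above and reports lines a feed maintainer should fix, including IPv6 entries and the size and line limits listed earlier. The function names are hypothetical, and reading "10 MB" as 10 × 1024 × 1024 bytes is an assumption.

```python
import ipaddress

MAX_BYTES = 10 * 1024 * 1024   # page: 10 MB limit (interpreted as MiB here, an assumption)
MAX_LINES = 128_000            # page: 128,000 lines of text

def parse_entry(line):
    """Return (kind, first_ip, last_ip) for one address-feed line, or raise ValueError."""
    if "/" in line:
        # strict=False because the page's own example (1.2.2.2/24) has host bits set
        net = ipaddress.ip_network(line, strict=False)
        return "cidr", net.network_address, net.broadcast_address
    if "-" in line:
        start, end = (ipaddress.ip_address(p.strip()) for p in line.split("-", 1))
        if start.version != end.version or start > end:
            raise ValueError("range start must not exceed range end")
        return "range", start, end
    ip = ipaddress.ip_address(line)
    return "single", ip, ip

def check_address_feed(data: bytes):
    """Validate an address threat feed body; returns (entries, problems)."""
    entries, problems = [], []
    if len(data) > MAX_BYTES:
        problems.append(f"file is {len(data)} bytes, over the {MAX_BYTES}-byte limit")
    lines = data.decode("utf-8", errors="replace").splitlines()
    if len(lines) > MAX_LINES:
        problems.append(f"file has {len(lines)} lines, over the {MAX_LINES}-line limit")
    for number, raw in enumerate(lines, start=1):
        line = raw.strip()
        if not line:
            continue
        try:
            kind, first, last = parse_entry(line)
        except ValueError as exc:
            problems.append(f"line {number}: {line!r} is not an IP, range or CIDR ({exc})")
            continue
        if first.version == 6:
            problems.append(f"line {number}: {line} is IPv6, ignored in DNS profiles")
        entries.append((kind, first, last))
    return entries, problems

# Constructed sample: the page's six example lines plus three constructed edge cases.
SAMPLE = (b"1.1.1.1\n10.0.0.70\n2.1.1.1\n100.0.0.1-100.0.0.100\n10.0.0.99-10.0.0.201\n"
          b"1.2.2.2/24\n2001:db8::1\n10.0.0.9-10.0.0.1\nexample.com\n")

if __name__ == "__main__":
    parsed, warnings = check_address_feed(SAMPLE)
    print(len(parsed), "entries parsed", *warnings, sep="\n")
```

Running such a check on the HTTP server before each publish catches malformed entries before the next refresh pulls them in.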

FortiOS configuration

config system external-resource
   edit <name>
      set type {category | address | domain}
      set category <value>
      set comments [comments]
      set resource <resource-url>
      set refresh-rate <minutes>
      set last-update <datetime>
   next
end

CommuniGate Pro PSTN Settings debunked

The documentation does not contain much information about the fields on this settings page.

Here is a somewhat more detailed description:


Local Area Code

Enter the current local area code for the server/domain PSTN location here.

For Austria, for example, "43" (please omit the "+").

43

Emergency Code

This is the setting for the emergency number (police, fire brigade, etc.).

call=sip:911@telnum (for Austria, e.g.: call=sip:133@telnum – police)

call=sip:133@telnum

Gateway Domain

Default: pstn.communigate.com – This is the hostname or IP address of the PSTN gateway.

pstngateway.core.at

Gateway Address

Default: <empty>

An IP address only needs to be entered here if the PSTN gateway cannot be resolved via DNS.

Caller ID

ID string of the caller using the gateway.

Default: $

According to gatewaycaller.sppr, "$" means: "use the name from auth credentials with the gateway domain"

Name for the Gateway

Username (authentication account) for the gateway.

gatewayuser

Password for the Gateway

The password