Fortinet Fortigate Threat Feed Connector

Threat Feed Connectors

This feature introduces
the ability to dynamically import external block list text files from an
HTTP server. The text files can contain IP addresses and domain names.
These dynamic block lists are called ‘Threat Feeds’. You can block
access to the addresses in the text files by adding one or more threat
feeds to:

FortiOS keeps threat feeds up to date by dynamically re-downloading them from the HTTP server according to the refresh rate.

Threat Feeds can be configured under Security Fabric > Fabric Connectorsby creating new Threat Feeds.

The New Fabric Connector edit page provides the following fields:

The domain resource is a text file which contains a domain name for each line and supports simple wildcard. For example:


The address resource is a
text file which contains an IP/IP range for each line (note that only
IPv4 is supported in DNS profiles, so IPv6 addresses will be ignored).
For example:

FortiOS configuration

config system external-resource
set type {category | address | domain}
set category
set comments [comments]
set resource
set refresh-rate
set last-update