Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiManager 7.6.6 Administration Guide
    7.6.6
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    External resources

    External resources

    FortiManager can manage external resources that can be used to create FortiManager hosted resources for threat feeds. FortiManager hosted threat feeds can be managed in one of two ways:

    Manual upload

    You can manually import a file, such as a list of IP addresses, as an external resource to FortiManager which can be used when creating a threat feed. Updates to the file must be done manually on FortiManager by reuploading the updated file or by editing the file directly using the FortiManager GUI.

    Import from a URL using a connector

    A connector can be created to point to a URL which contains the external resource, and FortiManager will fetch the resource based on the configured refresh interval. This allows the resource to be updated outside of FortiManager and does not require an administrator to manually update the resource on FortiManager with each change. The file must be in the .txt file format. Files imported from a connector are ready only.

    After external resources are added to FortiManager, they can be used in threat feeds. For more information on threat feeds, see Threat Feeds.

    Importing external resources manually

    To import files to FortiManager:

    1. Go to FortiGuard > External Resource > Files.

    2. Click Import in the toolbar.

    3. Drag and drop a file into the selection window or browse to your file location.

    4. Click OK. Uploaded files are displayed in the Files table. You can edit imported files directly in the FortiManager GUI.

    Importing external resources from a URL using a connector

    To import files using an external resource connector:

    1. Go to FortiGuard > External Resource > Connectors.

    2. Click Create New, and configure the following information:

      Name

      Enter a name for the connector.

      Status Enable or disable the connector. The connector will retrieve updates based on the configured Refresh Rate when it is enabled.
      URL of External Resource

      Enter the URL of the external resource where the file is hosted. The URL must begin with http:// or https://.

      Click Check Connectivity to test connectivity to the external resource URL.
      HTTP Basic Authentication If the resource has authentication, enable this setting and enter the required User Name and Password.
      Refresh Rate

      Configure the rate at which FortiManager will fetch updates from the external resource between 1 and 43200 minutes (default 5 minutes).

      Description Enter an optional description of the connector to help identify it.
      Use Web Proxy

      Enable this setting to access the resource using the FortiManager web proxy.

      This feature also requires that web proxy settings are configured and enabled on the FortiManager in System Settings > Advanced > Misc Settings. To configure FortiManager web proxy in the system settings, see Enabling updates through a web proxy.

    3. Click OK to save the connector.
      If FortiManager is able to successfully connect to the URL of the external resource, the resource will be imported to FortiManager and displayed in FortiGuard > External Resource > Files with the Remote tag for Source. The name of the file displayed in FortiManager is the same as the file's name that was uploaded to the external resource.

    Tooltip

    Remote files are ready only and cannot be deleted individually. Deleting the connector will delete the remote files automatically.

    Editing external resource files

    To edit external resource file content:

    1. In the external resource file list, select a file and do one of the following:

      1. Click Edit in the toolbar.

      2. Right-click and select Edit from the context menu.

    2. The content of the file is displayed and can be edited directly in the Content pane.

    3. Click OK to save changes to the external resource.

    Creating threat feeds using external resources

    To create a threat feed using a FortiManager hosted resource:

    1. Go to Policy & Objects > Security Fabric > Threat Feeds.

      Note

      If the Threat Feeds tab is not visible, it must first be enabled in Tools > Feature Visibility. You can also create Threat Feeds in Fabric View > External Connectors.

    2. Create a new threat feed.

    3. Select the threat feed type. For example, if the uploaded file is a list of IP addresses, you must select Type > IP Address.

    4. In the URL of external resource field, select From FortiManager and choose the uploaded file from the dropdown menu.

    5. Once the threat feed is created, you can use it in a policy and install it to a device.

    6. Details about the threat feed can be viewed on FortiGate.

      1. On FortiGate, go to Security Fabric > External Connectors. The content can be refreshed automatically or manually on this page.

      2. Click View Entries to see the content from the external resource.

    Previous
    Next

    External resources

    External resources

    FortiManager can manage external resources that can be used to create FortiManager hosted resources for threat feeds. FortiManager hosted threat feeds can be managed in one of two ways:

    Manual upload

    You can manually import a file, such as a list of IP addresses, as an external resource to FortiManager which can be used when creating a threat feed. Updates to the file must be done manually on FortiManager by reuploading the updated file or by editing the file directly using the FortiManager GUI.

    Import from a URL using a connector

    A connector can be created to point to a URL which contains the external resource, and FortiManager will fetch the resource based on the configured refresh interval. This allows the resource to be updated outside of FortiManager and does not require an administrator to manually update the resource on FortiManager with each change. The file must be in the .txt file format. Files imported from a connector are ready only.

    After external resources are added to FortiManager, they can be used in threat feeds. For more information on threat feeds, see Threat Feeds.

    Importing external resources manually

    To import files to FortiManager:

    1. Go to FortiGuard > External Resource > Files.

    2. Click Import in the toolbar.

    3. Drag and drop a file into the selection window or browse to your file location.

    4. Click OK. Uploaded files are displayed in the Files table. You can edit imported files directly in the FortiManager GUI.

    Importing external resources from a URL using a connector

    To import files using an external resource connector:

    1. Go to FortiGuard > External Resource > Connectors.

    2. Click Create New, and configure the following information:

      Name

      Enter a name for the connector.

      Status Enable or disable the connector. The connector will retrieve updates based on the configured Refresh Rate when it is enabled.
      URL of External Resource

      Enter the URL of the external resource where the file is hosted. The URL must begin with http:// or https://.

      Click Check Connectivity to test connectivity to the external resource URL.
      HTTP Basic Authentication If the resource has authentication, enable this setting and enter the required User Name and Password.
      Refresh Rate

      Configure the rate at which FortiManager will fetch updates from the external resource between 1 and 43200 minutes (default 5 minutes).

      Description Enter an optional description of the connector to help identify it.
      Use Web Proxy

      Enable this setting to access the resource using the FortiManager web proxy.

      This feature also requires that web proxy settings are configured and enabled on the FortiManager in System Settings > Advanced > Misc Settings. To configure FortiManager web proxy in the system settings, see Enabling updates through a web proxy.

    3. Click OK to save the connector.
      If FortiManager is able to successfully connect to the URL of the external resource, the resource will be imported to FortiManager and displayed in FortiGuard > External Resource > Files with the Remote tag for Source. The name of the file displayed in FortiManager is the same as the file's name that was uploaded to the external resource.

    Tooltip

    Remote files are ready only and cannot be deleted individually. Deleting the connector will delete the remote files automatically.

    Editing external resource files

    To edit external resource file content:

    1. In the external resource file list, select a file and do one of the following:

      1. Click Edit in the toolbar.

      2. Right-click and select Edit from the context menu.

    2. The content of the file is displayed and can be edited directly in the Content pane.

    3. Click OK to save changes to the external resource.

    Creating threat feeds using external resources

    To create a threat feed using a FortiManager hosted resource:

    1. Go to Policy & Objects > Security Fabric > Threat Feeds.

      Note

      If the Threat Feeds tab is not visible, it must first be enabled in Tools > Feature Visibility. You can also create Threat Feeds in Fabric View > External Connectors.

    2. Create a new threat feed.

    3. Select the threat feed type. For example, if the uploaded file is a list of IP addresses, you must select Type > IP Address.

    4. In the URL of external resource field, select From FortiManager and choose the uploaded file from the dropdown menu.

    5. Once the threat feed is created, you can use it in a policy and install it to a device.

    6. Details about the threat feed can be viewed on FortiGate.

      1. On FortiGate, go to Security Fabric > External Connectors. The content can be refreshed automatically or manually on this page.

      2. Click View Entries to see the content from the external resource.

    Previous
    Next