External resources for DNS filter

External resources provides the ability to dynamically import an external block list into an HTTP server. This feature enables the FortiGate to retrieve a dynamic URL, domain name, IP address, or malware hash list from an external HTTP server periodically. The FortiGate uses these external resources as the web filter's remote categories, DNS filter's remote categories, policy address objects, or antivirus profile's malware definitions. If external resources are updated, FortiGate objects are also updated dynamically.

External resource is divided into four types:

  • URL list (type = category)
  • Domain name list (type = domain)
  • IP address list (type = address)
  • Malware hash list (type = malware)

Remote categories and external IP block list

The DNS filter profile can use two types of external resources: domain type (domain name list) and address type (IP address list).

When a domain type external resource is configured, it is treated as a remote category in the DNS filter profile. If the domain name in DNS query matches the entry in this external resource file, it is treated as the remote category and follows the action configured for this category in DNS filter profile.

When an address type external resource is configured, it can be enabled as external-ip-blocklist in DNS filter profile. If a DNS resolved IP address in DNS response matches the entry in the external-ip-blocklist, this DNS query is blocked by the DNS filter.

For external resources file format and limits, see External resources file format.

Configuring external resources in the CLI

In the CLI, you can configure external resources files in an external HTTP server. Under global, configure the external resources file location and specify the resource type.

To configure external resources:
config system external-resource
   edit "Ext-Resource-Type-as-Domain-1"
      set type domain
      set category 194
      set resource ""
      set refresh-rate 1