Threat feed connectors per VDOM
When multi-VDOM mode is enabled, a threat feed external connector can be defined in global or within a VDOM. Global threat feeds can be used in any VDOM, but cannot be edited within the VDOM. FortiGuard category and domain name-based external feeds have an added category number field to identify the threat feed. The threat feed name in global must start with g-. Threat feed names in VDOMs cannot start with g-.
FortiGuard category and domain name-based external feed entries must have a number assigned to them that ranges from 192 to 221. This number can be assigned to both external feed types. However, when a category number is used under a global entry, such as 192 with the name g-cat-192, this category number cannot be used in any other global or VDOM entries. If a category is used under a VDOM entry, such as 192 under VDOM1 with the name cat-192, the category 192 can be used in another VDOM or root with the name cat-192.
A thread feed connector can only be used in profiles in the VDOM that it was created in. Global connectors can be used in all VDOMs.
Each VDOM can have a maximum of 256 thread feed entries. But in total, a FortiGate can only have 511 thread feed entries.
To configure an external threat feed connector under global in the GUI:
- Go to Security Fabric > External Connectors and click Create New.
- In the Threat Feeds section, click FortiGuard Category.
- Enter a name that begins with
g-. - Configure the other settings as needed.
- Click OK.
To configure an external threat feed connector under global in the CLI:
config global
config system external-resource
edit "g-category"
set status enable
set type category
set category 192
set comments ''
set resource "http://172.16.200.55/external-resource-test/513-FDGCategory.txt"
set refresh-rate 5
next
end
end
To configure an external threat feed connector under a VDOM in the GUI:
- Go to Security Fabric > External Connectors and click Create New.
- In the Threat Feeds section, click Domain Name.