Threat feed connectors per VDOM
When multi-VDOM mode is enabled, a threat feed external connector can be defined in global or within a VDOM. Global threat feeds can be used in any VDOM, but cannot be edited within the VDOM. FortiGuard category and domain name-based external feeds have an added category number field to identify the threat feed. The threat feed name in global must start with g-. Threat feed names in VDOMs cannot start with g-.
FortiGuard category and domain name-based external feed entries must have a number assigned to them that ranges from 192 to 221. This number can be assigned to both external feed types. However, when a category number is used under a global entry, such as 192 with the name g-cat-192, this category number cannot be used in any other global or VDOM entries. If a category is used under a VDOM entry, such as 192 under VDOM1 with the name cat-192, the category 192 can be used in another VDOM or root with the name cat-192.
A threat feed connector can only be used in profiles in the VDOM that it was created in. Global connectors can be used in all VDOMs.
Each VDOM can have a maximum of 256 threat feed entries, but in total a FortiGate can only have 511 threat feed entries.
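The naming, category-number and entry-count rules above can be checked against a planned set of connectors before they are configured on a device. The following is an added example, not Fortinet code: the Feed record, the validate function and the sample plan are constructed for illustration, and it assumes the 256 limit counts only the entries defined inside that VDOM.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

GLOBAL = "global"                        # label for the global scope (assumption)
CATEGORY_TYPES = {"category", "domain"}  # feed types that carry a category number
CATEGORY_RANGE = range(192, 222)         # 192 to 221 inclusive
MAX_PER_VDOM, MAX_TOTAL = 256, 511

@dataclass(frozen=True)
class Feed:                              # hypothetical planning record
    scope: str                           # GLOBAL or a VDOM name
    name: str
    type: str
    category: Optional[int] = None

def validate(feeds):
    """Return rule violations as strings; an empty list means the plan is consistent."""
    errors = []
    global_cats = {f.category for f in feeds if f.scope == GLOBAL}
    seen_global = set()
    for f in feeds:
        where = f"{f.scope}/{f.name}"
        is_global = f.scope == GLOBAL
        # Global names must start with g-; VDOM names must not.
        if is_global != f.name.startswith("g-"):
            errors.append(f"name: {where} has the wrong prefix for its scope")
        if f.type not in CATEGORY_TYPES:
            continue
        if f.category not in CATEGORY_RANGE:
            errors.append(f"range: {where} category {f.category} is outside 192-221")
        elif is_global:
            # A category used in global cannot appear in another global entry.
            if f.category in seen_global:
                errors.append(f"conflict: {where} repeats global category {f.category}")
            seen_global.add(f.category)
        elif f.category in global_cats:
            errors.append(f"conflict: {where} category {f.category} is taken in global")
    for vdom, n in Counter(f.scope for f in feeds if f.scope != GLOBAL).items():
        if n > MAX_PER_VDOM:
            errors.append(f"limit: {vdom} defines {n} entries (max {MAX_PER_VDOM})")
    if len(feeds) > MAX_TOTAL:
        errors.append(f"limit: {len(feeds)} entries in total (max {MAX_TOTAL})")
    return errors

# Constructed sample plan: 193 is reused across two VDOMs, which is allowed.
PLAN = [Feed(GLOBAL, "g-cat-192", "category", 192),
        Feed("VDOM1", "cat-193", "category", 193),
        Feed("root", "cat-193", "domain", 193)]
```

Calling validate(PLAN) returns an empty list; moving category 192 into a VDOM entry while g-cat-192 exists produces a conflict entry instead.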
To configure an external threat feed connector under global in the GUI:
- Go to Security Fabric > External Connectors and click Create New.
- In the Threat Feeds section, click FortiGuard Category.
- Enter a name that begins with g-.
- Configure the other settings as needed.
- Click OK.
To configure an external threat feed connector under global in the CLI:
    config global
        config system external-resource
            edit "g-category"
                set status enable
                set type category
                set category 192
                set comments ''
                set resource "http://172.16.200.55/external-resource-test/513-FDGCategory.txt"
                set refresh-rate 5
            next
        end
    end
To configure an external threat feed connector under a VDOM in the GUI:
- Go to Security Fabric > External Connectors and click Create New.
- In the Threat Feeds section, click Domain Name.