Threat feeds

Threat feeds dynamically import an external block list from an HTTP server in the form of a plain text file. Block lists can be used to enforce special security requirements, such as long-term policies to always block access to certain websites, or short-term requirements to block access to known compromised locations. The lists are imported dynamically, so any changes are immediately imported by FortiOS.

There are four types of threat feeds:

FortiGuard Category

The file contains one URL per line. It is available as a Remote Category in Web Filter profiles, SSL inspection exemptions, and proxy addresses. See Web rating override for more information.

Example:

http://example/com.url
https://example.com/url
http://example.com:8080/url

IP Address

The file contains one IP/IP range/subnet per line. It is available as an External IP Block List in DNS Filter profiles, and as a Source/Destination in IPv4, IPv6, and proxy policies.

Example:

192.168.2.100
172.200.1.4/16
172.16.1.2/24
172.16.8.1-172.16.8.100
2001:0db8::eade:27ff:fe04:9a01/120
2001:0db8::eade:27ff:fe04:aa01-2001:0db8::eade:27ff:fe04:ab01
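
Because changes to the list are imported immediately, it helps to check an IP Address feed file before placing it on the HTTP server. The following Python linter is an added example, not Fortinet code: the function names, the 65,536-address size limit, and the handling of subnet lines with host bits set (reported as the enclosing network) are assumptions of this example, and the sample feed is constructed from the lines above plus three deliberately bad entries.

```python
import ipaddress

def parse_entry(line):
    """Return (kind, first, last) for one feed line; raise ValueError if malformed."""
    text = line.strip()
    if "-" in text:  # range written as start-end
        start, end = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        if start.version != end.version:
            raise ValueError("range mixes IPv4 and IPv6")
        if start > end:
            raise ValueError("range start is above range end")
        return "range", start, end
    if "/" in text:  # subnet; strict=False because the page's examples set host bits
        net = ipaddress.ip_network(text, strict=False)
        return "subnet", net.network_address, net.broadcast_address
    addr = ipaddress.ip_address(text)
    return "host", addr, addr

def lint_feed(text, max_addresses=2**16):
    """Return (accepted, problems); max_addresses is this example's own limit."""
    accepted, problems = [], []
    for no, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            kind, first, last = parse_entry(line)
        except ValueError as exc:
            problems.append((no, line.strip(), str(exc)))
            continue
        size = int(last) - int(first) + 1
        if size > max_addresses:  # catches entries such as 0.0.0.0/0
            problems.append((no, line.strip(), f"covers {size} addresses"))
        else:
            accepted.append((kind, str(first), str(last)))
    return accepted, problems

# Constructed sample: the six example lines above plus three bad entries.
SAMPLE = """\
192.168.2.100
172.200.1.4/16
172.16.1.2/24
172.16.8.1-172.16.8.100
2001:0db8::eade:27ff:fe04:9a01/120
2001:0db8::eade:27ff:fe04:aa01-2001:0db8::eade:27ff:fe04:ab01
0.0.0.0/0
172.16.8.100-172.16.8.1
example.com
"""
```

Calling lint_feed(SAMPLE) accepts the six documented lines and reports lines 7 to 9 with a reason for each.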

Domain Name

The file contains one domain per line. Simple wildcards are supported. It is available as a Remote Category in DNS Filter profiles. See External resources for DNS filter for more information.

Example:

mail.*.example.com
*-special.example.com
www.*example.com
example.com