Threat feed connectors per VDOM
When multi-VDOM mode is enabled, a threat feed external connector can be defined in global or within a VDOM. Global threat feeds can be used in any VDOM, but cannot be edited within the VDOM. FortiGuard category and domain name-based external feeds have an added category number field to identify the threat feed. The threat feed name in global must start with g-. Threat feed names in VDOMs cannot start with g-.
FortiGuard category and domain name-based external feed entries must have a number assigned to them that ranges from 192 to 221. This number can be assigned to both external feed types. However, when a category number is used under a global entry, such as 192 with the name g-cat-192, this category number cannot be used in any other global or VDOM entries. If a category is used under a VDOM entry, such as 192 under VDOM1 with the name cat-192, the category 192 can be used in another VDOM or root with the name cat-192.
A threat feed connector can only be used in profiles in the VDOM that it was created in. Global connectors can be used in all VDOMs.
Each VDOM can have a maximum of 256 threat feed entries, but a FortiGate as a whole can have at most 511 threat feed entries in total.
To improve the security of the connection, it is recommended to enable server certificate validation (server-identity-check) either in basic or full mode.
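The naming, category-number, entry-limit and server-identity-check rules above are easy to get wrong when feeds are spread over global and several VDOMs. The following checker is an added example, not FortiOS code or a Fortinet tool: it represents each external-resource entry as a small record (the Feed class, field names and the sample entries are constructed for this example) and reports which rules a proposed set of entries would break. The per-VDOM limit is applied to the global scope as well, which is an assumption the page does not state.

```python
"""Check FortiGate threat feed (external-resource) entries across VDOMs.

Added example, not FortiOS code: it encodes the naming, category-number,
entry-limit and server-identity-check rules described above and runs them
over a constructed set of entries.
"""
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

CATEGORY_MIN, CATEGORY_MAX = 192, 221    # valid category numbers for category/domain feeds
MAX_PER_VDOM, MAX_TOTAL = 256, 511       # entry limits per VDOM and per FortiGate
NEEDS_CATEGORY = {"category", "domain"}  # feed types that carry a category number


@dataclass(frozen=True)
class Feed:
    scope: str                      # "global" or the VDOM the entry was created in
    name: str                       # the 'edit "<name>"' value
    type: str                       # "address", "category" or "domain"
    category: Optional[int] = None  # 'set category N' (category/domain feeds only)
    server_identity_check: str = "none"


def validate(feeds: List[Feed]) -> Tuple[List[str], List[str]]:
    """Return (errors, warnings) for the rules described in the text above."""
    errors, warnings = [], []

    # A category number used by a global entry is reserved everywhere.
    global_owner = {}  # category number -> name of the global entry that owns it
    for f in feeds:
        if f.scope == "global" and f.category is not None:
            if f.category in global_owner:
                errors.append(f"global/{f.name}: category {f.category} already used by "
                              f"global entry {global_owner[f.category]}")
            global_owner.setdefault(f.category, f.name)

    for f in feeds:
        where = f"{f.scope}/{f.name}"
        # Naming rule: global names start with g-, VDOM names must not.
        if f.scope == "global" and not f.name.startswith("g-"):
            errors.append(f"{where}: global entry names must start with 'g-'")
        if f.scope != "global" and f.name.startswith("g-"):
            errors.append(f"{where}: VDOM entry names must not start with 'g-'")
        # Category-number rules for FortiGuard category and domain name feeds.
        if f.type in NEEDS_CATEGORY:
            if f.category is None:
                errors.append(f"{where}: {f.type} feeds need a category number")
            elif not CATEGORY_MIN <= f.category <= CATEGORY_MAX:
                errors.append(f"{where}: category {f.category} is outside "
                              f"{CATEGORY_MIN}-{CATEGORY_MAX}")
            elif f.scope != "global" and f.category in global_owner:
                # Reuse of a number between two VDOMs is allowed; a global number is not.
                errors.append(f"{where}: category {f.category} is reserved by global "
                              f"entry {global_owner[f.category]}")
        # Recommended hardening: validate the feed server's certificate.
        if f.server_identity_check not in ("basic", "full"):
            warnings.append(f"{where}: server-identity-check is "
                            f"'{f.server_identity_check}'; enable basic or full")

    # Entry limits; the per-VDOM limit is also applied to global here (assumption).
    for scope, n in Counter(f.scope for f in feeds).items():
        if n > MAX_PER_VDOM:
            errors.append(f"{scope}: {n} entries exceeds the per-VDOM limit of {MAX_PER_VDOM}")
    if len(feeds) > MAX_TOTAL:
        errors.append(f"{len(feeds)} entries exceeds the FortiGate limit of {MAX_TOTAL}")
    return errors, warnings


# Constructed entries mirroring the page's CLI examples, plus two deliberate mistakes.
SAMPLE_FEEDS = [
    Feed("global", "g-category", "category", 192, "full"),
    Feed("vd1", "vd1-domain", "domain", 193, "basic"),
    Feed("vd1", "g-ip", "address", None, "full"),       # VDOM name must not start with g-
    Feed("vd2", "vd2-domain", "domain", 193, "none"),   # 193 reused in another VDOM: allowed
    Feed("vd2", "cat-192", "category", 192, "full"),    # 192 is taken by a global entry
]

if __name__ == "__main__":
    errs, warns = validate(SAMPLE_FEEDS)
    print("\n".join(["ERROR: " + e for e in errs] + ["WARN:  " + w for w in warns]))
```

Running the script on the sample set reports two errors (the g- prefixed name inside vd1 and the VDOM entry that reuses the global category 192) and one warning for the feed fetched without certificate validation; the reuse of category 193 between vd1 and vd2 passes, as the text above allows.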
To configure a FortiGuard category threat feed connector under global in the GUI:
- Go to Security Fabric > External Connectors and click Create New.
- In the Threat Feeds section, click FortiGuard Category.
- Enter a name that begins with g-.
- Configure the other settings as needed.
- Click OK.
To configure a FortiGuard category threat feed connector under global in the CLI:
config global
config system external-resource
edit "g-category"
set status enable
set type category
set category 192
set comments ''
set resource "http://172.16.200.55/external-resource-test/513-FDGCategory.txt"
set server-identity-check {none | basic | full}
set refresh-rate 5
next
end
end
To configure a domain name threat feed connector under a VDOM in the GUI:
- Go to Security Fabric > External Connectors and click Create New.
- In the Threat Feeds section, click Domain Name.
- Enter a name that does not begin with g-.
- Configure the other settings as needed.
- Click OK. The threat feed connector created under global also appears, but it is not editable.

To configure a domain name threat feed connector under a VDOM in the CLI:
config vdom
edit vd1
config system external-resource
edit "vd1-domain"
set status enable
set type domain
set category 193
set comments ''
set resource "http://172.16.200.55/external-resource-test/513-Domain.txt"
set server-identity-check {none | basic | full}
set refresh-rate 5
next
end
next
end
To use an IP address threat feed in a policy in the GUI:
- Configure an IP address connector in global:
- Go to Security Fabric > External Connectors and click Create New.
- In the Threat Feeds section, click IP Address.
- Enter a name that begins with g-.
- Configure the other settings as needed.
- Click OK.
- Configure an IP address connector in the VDOM (vd1):
- Go to Security Fabric > External Connectors and click Create New.
- In the Threat Feeds section, click IP Address.
- Enter a name that does not begin with g-.
- Configure the other settings as needed.
- Click OK. The threat feed connectors created under global also appear, but they are not editable.

- Configure the firewall policy in the VDOM (vd1):
- Go to Policy & Objects > Firewall Policy and click Create New.
- For Destination, select vd1-address. Since this policy is configured under vd1, g-address can also be set as the destination.

- Configure the other settings as needed.
- Click OK.
To use an IP address threat feed in a policy in the CLI:
- Configure the IP address connectors:
config global
config system external-resource
edit "g-address"
set status enable
set type address
set username ''
set comments ''
set resource "http://172.16.200.55/external-resource-test/513-IP.txt"
set server-identity-check {none | basic | full}
set refresh-rate 5
next
end
end
config vdom
edit vd1
config system external-resource
edit "vd1-address"
set status enable
set type address
set comments ''
set resource "http://172.16.200.55/external-resource-test/513-IP.txt"
set user-agent "curl/7.58.0"
set server-identity-check {none | basic | full}
set refresh-rate 5
next
end
next
end
- In the VDOM, configure a firewall policy with the external address as the destination address:
config vdom
edit vd1
config firewall policy
edit 1
set name "test"
set srcintf "port10"
set dstintf "port9"
set srcaddr "all"
set dstaddr "vd1-address"
set action accept
set schedule "always"
set service "ALL"
set profile-protocol-options "protocol"
set nat enable
next
end
next
end
Since this firewall policy is configured under vd1, g-address can also be set as the dstaddr.