CLI Reference

config system external-resource

Configure external resource.

config system external-resource
    Description: Configure external resource.
    edit <name>
        set address-comment-field {string}
        set address-data-field {string}
        set address-name-field {string}
        set category {integer}
        set client-cert {string}
        set client-cert-auth [enable|disable]
        set comments {var-string}
        set fabric-force-sync [enable|disable]
        set fabric-object [enable|disable]
        set fabric-object-source [member|local|...]
        set interface {string}
        set interface-select-method [auto|sdwan|...]
        set namespace {string}
        set object-array-path {string}
        set password {varlen_password}
        set refresh-rate {integer}
        set resource {string}
        set server-identity-check [none|basic|...]
        set source-ip {ipv4-address}
        set source-ip-interface {string}
        set status [enable|disable]
        set threat-feed-hash-mode [hash-db|plain-text-db]
        set type [category|domain|...]
        set update-method [feed|push|...]
        set user-agent {var-string}
        set username {string}
        set uuid {uuid}
        set vrf-select {integer}
    next
end

config system external-resource

| Parameter | Description | Type | Size | Default |
|---|---|---|---|---|
| address-comment-field | JSON Path to address description in generic address entry. | string | Maximum length: 511 | $.description |
| address-data-field | JSON Path to address data in generic address entry. | string | Maximum length: 511 | $.value |
| address-name-field | JSON Path to address name in generic address entry. | string | Maximum length: 511 | $.name |
| category | User resource category. | integer | Minimum value: 192 Maximum value: 221 | 0 |
| client-cert | Client certificate name. | string | Maximum length: 79 | |
| client-cert-auth | Enable/disable using client certificate for TLS authentication. | option | - | disable |
| | Option enable: Enable using client certificate for TLS authentication. | | | |
| | Option disable: Disable using client certificate for TLS authentication. | | | |
| comments | Comment. | var-string | Maximum length: 255 | |
| fabric-force-sync * | Enable/disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices. Configuration conflict check is skipped. | option | - | disable |
| | Option enable: Enable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices. | | | |
| | Option disable: Disable forced synchronization of configuration objects from the root FortiGate unit to the downstream devices. | | | |
| fabric-object * | Security Fabric global object setting. | option | - | disable |
| | Option enable: Object is set as a security fabric-wide global object. | | | |
| | Option disable: Object is local to this security fabric member. | | | |
| fabric-object-source * | Source of truth for fabric object. | option | - | root |
| | Option member: Source of truth for this object is a non-root member of fabric. | | | |
| | Option local: Source of truth for this object is this security fabric member. | | | |
| | Option root: Source of truth for this object is the root of the fabric. | | | |
| interface | Specify outgoing interface to reach server. | string | Maximum length: 15 | |
| interface-select-method | Specify how to select outgoing interface to reach server. | option | - | auto |
| | Option auto: Set outgoing interface automatically. | | | |
| | Option sdwan: Set outgoing interface by SD-WAN or policy routing rules. | | | |
| | Option specify: Set outgoing interface manually. | | | |
| name | External resource name. | string | Maximum length: 35 | |
| namespace | Generic external connector address namespace. | string | Maximum length: 15 | |
| object-array-path | JSON Path to array of generic addresses in resource. | string | Maximum length: 511 | $.addresses |
| password | HTTP basic authentication password. | varlen_password | Not Specified | |
| refresh-rate | Time interval to refresh external resource (1 - 43200 min, default = 5 min). | integer | Minimum value: 1 Maximum value: 43200 | 5 |
| resource | URL of external resource. | string | Maximum length: 511 | |
| server-identity-check | Certificate verification option. | option | - | none |
| | Option none: No certificate verification. | | | |
| | Option basic: Check server certificate only. | | | |
| | Option full: Check server certificate and verify the domain matches in the server certificate. | | | |
| source-ip | Source IPv4 address used to communicate with server. | ipv4-address | Not Specified | 0.0.0.0 |
| source-ip-interface | IPv4 Source interface for communication with the server. | string | Maximum length: 15 | |
| status | Enable/disable user resource. | option | - | enable |
| | Option enable: Enable user resource. | | | |
| | Option disable: Disable user resource. | | | |
| threat-feed-hash-mode * | Configure use of the external threat feed as either a hash database or plain text database (default = plain-text-db). | option | - | plain-text-db |
| | Option hash-db: External threat feed is used as a hash database. | | | |
| | Option plain-text-db: External threat feed is used as a plain text database. | | | |
| type | User resource type. | option | - | category |
| | Option category: FortiGuard category. | | | |
| | Option domain: Domain Name. | | | |
| | Option malware: Malware hash. | | | |
| | Option address: Firewall IP address. | | | |
| | Option mac-address: Firewall MAC address. | | | |
| | Option data: Data file. | | | |
| | Option generic-address: Generic addresses. | | | |
| update-method | External resource update method. | option | - | feed |
| | Option feed: FortiGate unit will pull update from the external resource. | | | |
| | Option push: External resource update is pushed to the FortiGate unit through the FortiGate unit's REST API/CLI. | | | |
| | Option fortimq: External resource update is pushed to the FortiGate unit through the Fortinet Message Queue fabric. | | | |
| user-agent | HTTP User-Agent header (default = 'curl/7.58.0'). | var-string | Maximum length: 255 | |
| username | HTTP basic authentication user name. | string | Maximum length: 64 | |
| uuid | Universally Unique Identifier (UUID; automatically assigned but can be manually reset). | uuid | Not Specified | 00000000-0000-0000-0000-000000000000 |
| vrf-select | VRF ID used for connection to server. | integer | Minimum value: 0 Maximum value: 511 | 0 |

* This parameter may not exist in some models.
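
The following is an added example, not part of Fortinet's reference: a Python check that parses `config system external-resource` text and flags enabled pull feeds whose transport settings leave the downloaded list unauthenticated, applying the defaults listed for these parameters (an absent `server-identity-check` counts as `none`). The entry names, host and password placeholder are constructed, and the check assumes the config text omits settings left at their defaults.

```python
import re

# Defaults as documented on this page; assumed absent from config text when unchanged.
DEFAULTS = {"server-identity-check": "none", "status": "enable", "update-method": "feed"}
# Constructed sample: entry names, host and password placeholder are made up.
SAMPLE = '''config system external-resource
    edit "blocklist-a"
        set resource "http://feeds.example.com/ips.txt"
        set password ENC PLACEHOLDER
    next
    edit "blocklist-b"
        set resource "https://feeds.example.com/domains.txt"
    next
    edit "blocklist-c"
        set resource "https://feeds.example.com/domains.txt"
        set server-identity-check full
    next
end'''

def parse_external_resources(text):
    """Parse a config block into {entry name: {parameter: value}}."""
    entries, current = {}, None
    for line in map(str.strip, text.splitlines()):
        edit = re.match(r'edit\s+"?([^"]+)"?$', line)
        setting = re.match(r'set\s+(\S+)\s+(.+)$', line)
        if edit:
            current = entries.setdefault(edit.group(1), {})
        elif line == "next":
            current = None
        elif setting and current is not None:
            current[setting.group(1)] = setting.group(2).strip('"')
    return entries

def audit(entries):
    """Return sorted (name, finding) pairs for enabled pull feeds with weak transport."""
    findings = []
    for name, cfg in entries.items():
        get = lambda k: cfg.get(k, DEFAULTS.get(k, ""))
        if get("status") != "enable" or get("update-method") != "feed":
            continue  # disabled entries and pushed updates are not fetched by URL
        url, check = get("resource").lower(), get("server-identity-check")
        if url.startswith("http://"):
            findings.append((name, "resource fetched over plain HTTP"))
            if "password" in cfg:
                findings.append((name, "basic-auth password sent without TLS"))
        elif check == "none":
            findings.append((name, "server certificate not verified"))
        elif check == "basic":
            findings.append((name, "certificate checked but domain not matched"))
    return sorted(findings)
```

Running `audit(parse_external_resources(SAMPLE))` reports `blocklist-a` and `blocklist-b`; `blocklist-c`, which sets `server-identity-check full` on an HTTPS resource, produces no finding.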
