Administration Guide

Applying a threat feed

To apply a threat host feed:

You can use a threat host feed as the source or destination in a traffic policy or secure web gateway (SWG) policy for secure internet access (SIA) and secure private access (SPA) traffic.

  1. Do one of the following:
    • Go to Configuration > Policies.
    • Go to Configuration > SWG Policies.
  2. Select the desired policy, then click Edit.
  3. In the Source/Destination field, click Specify.
  4. From the Select Entries slide-in, select the required threat feed under External threat feeds. Click Close.
  5. Set the policy action to Accept or Deny, as required.
  6. Click OK.

To apply a DNS filter domain feed:

You can use a DNS filter domain feed as a domain feed category in DNS Filter.

  1. Go to Configuration > Security. Select the appropriate Profile Group from the dropdown in the top right corner.
  2. Go to DNS Filter and click Customize.
  3. In the slide-in, a Domain feeds category appears under FortiGuard Category Based Filter and lists all the configured DNS filter domain feeds. Click the required DNS filter domain feed and select the appropriate action:

    | Action | The DNS request is... | Security log generated under Analytics > Security > DNS Filter? |
    | --- | --- | --- |
    | Allow | Allowed to pass | No |
    | Monitor | Allowed to pass | Yes |
    | Redirect to Block Portal | Blocked. Returns a FortiGuard block page | Yes |

  4. Click OK.
  5. Do one of the following under Internet Access (SIA) or Private Access (SPA):
    • For agent-based users, go to Configuration > Policies.
    • For agentless users, go to Configuration > SWG Policies.
  6. Select the required policy and click Edit.
  7. In the Profile Group field, select the profile group that has the DNS filter domain feed configured.
  8. Click OK.

To apply a web filter FQDN feed:

You can use a web filter FQDN feed as an FQDN feed category in Web Filter With Inline-CASB.

  1. Go to Configuration > Security. Select the appropriate Profile Group from the dropdown in the top right corner.
  2. Go to Web Filter With Inline-CASB and click Customize.
  3. In the slide-in, an FQDN feeds category appears under FortiGuard Category Based Filter and lists all the configured web filter FQDN feeds. Click the required FQDN feed and select the appropriate action:

    | Action | Description |
    | --- | --- |
    | Allow | Permit access to websites in the category. |
    | Monitor | Permit and log access to websites in the category. |
    | Block | Prevent access to websites in the category. Users trying to access a blocked site see a replacement message indicating that FortiSASE blocks the site. |
    | Warning | Display a message to the user allowing them to continue if they choose. |
    | Disable | Remove the category from the web filter profile. This option is only available for local or remote categories from the right-click menu. |

  4. Click OK.
  5. Do one of the following under Internet Access (SIA) or Private Access (SPA):
    • For agent-based users, go to Configuration > Policies.
    • For agentless users, go to Configuration > SWG Policies.
  6. Select the required policy and click Edit.
  7. In the Profile Group field, select the profile group that has the web filter FQDN feed configured.
  8. Click OK.
