Fortinet black logo

New Features

Home FortiManager 7.4.0 New Features
7.4.0
7.4.0
7.2.0
7.0.0
6.4.0
6.2.7
6.2.3
6.2.2
6.2.1
6.2.0

FortiManager supports uploading and hosting of an external threat feed 7.4.1

FortiManager supports uploading and hosting of an external threat feed 7.4.1

Note

This information is also available in the FortiManager 7.4 Administration Guide:

FortiManager supports uploading and hosting of an external threat feed through the GUI or API.

GUI support
To upload an external resource to FortiManager:
  1. Go to FortiGuard > External Resource.
  2. Click Import in the toolbar.
  3. Drag and drop a file into the selection window or browse to your file location.
  4. Click OK. Uploaded files are displayed in the External Resources table and can be edited directly in the FortiManager GUI.
To create a threat feed using a FortiManager hosted resource:
  1. Go to Policy & Objects > Security Fabric > Threat Feeds.
    Note

    If the Threat Feeds tab is not visible, it must first be enabled in Tools > Feature Visibility. You can also create Threat Feeds in Fabric View > External Connectors.

  2. Create a new threat feed.
  3. Select the threat feed type that corresponds with the content of the uploaded external resource file. For example, if the uploaded file is a list of IP addresses, you must select Type > IP Address.
  4. In the URI of External Resource field, define the file using the following format: fmg://filename.

  5. Use the threat feed in a policy and install it to a device. In the example below, the threat feed is used in a DNS Filter in Policy & Objects > Security Profiles > DNS Filter. The DNS Filter is applied to a policy and installed to the managed FortiGate.
  6. View the threat feed details on the FortiGate.
    1. On FortiGate, go to Security Fabric > External Connectors. The content can be refreshed automatically or manually on this page.
    2. Click View Entries to see the content from the external resource.
API support

There are two types of APIs designed to support this feature. Below are examples of how to use them.

REST API:

JSON RPC API:

Previous
Next

FortiManager supports uploading and hosting of an external threat feed 7.4.1

Note

This information is also available in the FortiManager 7.4 Administration Guide:

FortiManager supports uploading and hosting of an external threat feed through the GUI or API.

GUI support
To upload an external resource to FortiManager:
  1. Go to FortiGuard > External Resource.
  2. Click Import in the toolbar.
  3. Drag and drop a file into the selection window or browse to your file location.
  4. Click OK. Uploaded files are displayed in the External Resources table and can be edited directly in the FortiManager GUI.
To create a threat feed using a FortiManager hosted resource:
  1. Go to Policy & Objects > Security Fabric > Threat Feeds.
    Note

    If the Threat Feeds tab is not visible, it must first be enabled in Tools > Feature Visibility. You can also create Threat Feeds in Fabric View > External Connectors.

  2. Create a new threat feed.
  3. Select the threat feed type that corresponds with the content of the uploaded external resource file. For example, if the uploaded file is a list of IP addresses, you must select Type > IP Address.
  4. In the URI of External Resource field, define the file using the following format: fmg://filename.

  5. Use the threat feed in a policy and install it to a device. In the example below, the threat feed is used in a DNS Filter in Policy & Objects > Security Profiles > DNS Filter. The DNS Filter is applied to a policy and installed to the managed FortiGate.
  6. View the threat feed details on the FortiGate.
    1. On FortiGate, go to Security Fabric > External Connectors. The content can be refreshed automatically or manually on this page.
    2. Click View Entries to see the content from the external resource.
API support

There are two types of APIs designed to support this feature. Below are examples of how to use them.

REST API:

JSON RPC API:

Previous
Next