Fortigate IP Address Feed

Configure Fortigate IP Address Feed

After spending several days, I figured out how to configure IP address feed on Fortigate firewall. This is one of demanding feature requested by most Fortigate administrators to ease their job.

You can also download our free tool – Firewall Feed to easily manage text file of IP address in your local office network. Our tool facilitates adding, removing, counting and bulk addition of IP addresses in a text file.

 

Step 1 – Configure IP Address Feed in FortiGuard Category

  • Go to Security Fabric > Fabric Connectors and select Create New
  • Choose FortiGuard Category under Threat Feeds
  • Configure your IP Address Threat Feed URL

Fortigate IP Address Feed

  • Under Fabric Connectors, right click on recently created Threat Feed SOCBlockFeed” and choose View Entries to see all the IP address from your text file. Fortigate IP Address Feed Entries

Step 2 – Define Block Action on Web Filter

  • Navigate to Security Profiles > Web Filter
  • Choose Web Filter Profile being used in your security policies (in my case, it is default)
  • Under FortiGuard Category based filter > Choose Remote Categories and set “SOCBlockFeed” to Block.

Fortigate IP Address Feed Block Remote Category

HostGator $2.75 per month
HostGator
24/7/365 Technical Support, Free Site Building Tools, 4500 Website Templates, Free Shopping Cart Software, Ideal for WordPress, 45 Day Money Back Guarantee

 

Step 3 – Configure SSL Exemption

(Skip if you are not performing SSL Inspection, i.e your SSL Inspection is certificate-inspection)

  • Go to Security Profiles > SSL/SSH Inspection
  • Choose inspection profile that is being used in your environment.
  • Under Exempt from SSL Inspection, Add SOCBlockFeed

Fortigate IP Address Feed SSL Exempt

 

Step 4 – Apply Web Filter in IPv4 Policy

  • Go to Policy & Objects > IPv4 Policy
  • Enable above configured Web Filter and enable SSL Inspection.

Fortigate IP Address Feed Web Filter

Final Step

Test your configuration by accessing any of the IP address from the list. You must receive “Web Page Blocked” notice from Fortigate and category mentioned as SOCBlockFeed.

All in One WordPress Hosting Starts at 30$ per month
All in One WordPress Hosting
WordPress
High optimized WordPress hosting, secure firewall, HTTPS, Backup, hack-fix guarantee and many others at 30$ per month

Fortigate IP Address Feed