Fortigate Firewall

Configure Fortigate IP Address Feed

After spending several days, I figured out how to configure IP address feed on Fortigate firewall. This is one of demanding feature requested by most Fortigate administrators to ease their job.

You can also download our free tool – Firewall Feed to easily manage text file of IP address in your local office network. Our tool facilitates adding, removing, counting and bulk addition of IP addresses in a text file.

Step 1 – Configure IP Address Feed in FortiGuard Category

  • Go to Security Fabric > Fabric Connectors and select Create New
  • Choose FortiGuard Category under Threat Feeds
  • Configure your IP Address Threat Feed URL

Fortigate IP Address Feed

  • Under Fabric Connectors, right click on recently created Threat Feed SOCBlockFeed” and choose View Entries to see all the IP address from your text file. Fortigate IP Address Feed Entries

Step 2 – Define Block Action on Web Filter

  • Navigate to Security Profiles > Web Filter
  • Choose Web Filter Profile being used in your security policies (in my case, it is default)
  • Under FortiGuard Category based filter > Choose Remote Categories and set “SOCBlockFeed” to Block.

Fortigate IP Address Feed Block Remote Category


Step 3 – Configure SSL Exemption

(Skip if you are not performing SSL Inspection, i.e your SSL Inspection is certificate-inspection)

  • Go to Security Profiles > SSL/SSH Inspection
  • Choose inspection profile that is being used in your environment.
  • Under Exempt from SSL Inspection, Add SOCBlockFeed

Fortigate IP Address Feed SSL Exempt


Step 4 – Apply Web Filter in IPv4 Policy

  • Go to Policy & Objects > IPv4 Policy
  • Enable above configured Web Filter and enable SSL Inspection.

Fortigate IP Address Feed Web Filter

Final Step

Test your configuration by accessing any of the IP address from the list. You must receive “Web Page Blocked” notice from Fortigate and category mentioned as SOCBlockFeed.

Fortigate IP Address Feed