Configure Fortigate IP Address Feed
After spending several days, I figured out how to configure IP address feed on Fortigate firewall. This is one of demanding feature requested by most Fortigate administrators to ease their job.
You can also download our free tool – Firewall Feed to easily manage text file of IP address in your local office network. Our tool facilitates adding, removing, counting and bulk addition of IP addresses in a text file.
Step 1 – Configure IP Address Feed in FortiGuard Category
- Go to Security Fabric > Fabric Connectors and select Create New
- Choose FortiGuard Category under Threat Feeds
- Configure your IP Address Threat Feed URL
- Under Fabric Connectors, right click on recently created Threat Feed “SOCBlockFeed” and choose View Entries to see all the IP address from your text file.
Step 2 – Define Block Action on Web Filter
- Navigate to Security Profiles > Web Filter
- Choose Web Filter Profile being used in your security policies (in my case, it is default)
- Under FortiGuard Category based filter > Choose Remote Categories and set “SOCBlockFeed” to Block.
Step 3 – Configure SSL Exemption
(Skip if you are not performing SSL Inspection, i.e your SSL Inspection is certificate-inspection)
- Go to Security Profiles > SSL/SSH Inspection
- Choose inspection profile that is being used in your environment.
- Under Exempt from SSL Inspection, Add SOCBlockFeed
Step 4 – Apply Web Filter in IPv4 Policy
- Go to Policy & Objects > IPv4 Policy
- Enable above configured Web Filter and enable SSL Inspection.
Test your configuration by accessing any of the IP address from the list. You must receive “Web Page Blocked” notice from Fortigate and category mentioned as SOCBlockFeed.