External Resources FortiOS 6.0

FortiOS has implemented the long awaited feature of dynamic block lists from external sources such as DShield and others. There are a few things to know about this feature. Depending on the category of the list, it will appear in different locations.

FortiGuard Category – Resource name will appear as a “Remote Category” in Web Filter Profiles and SSL inspection exemptions.

Firewall IP address – Resource name will appear as an “External IP Block List” in DNS Filter Profiles and as a “Source/Destination” in Proxy Policy.

Domain Name – Resource name will appear as an “Remote Category” in DNS Filter Profiles.

In this example, I am going to use the ‘Domain Name’ category. I will use the Zeus tracker feed.

Choose ‘Domain Name’. Give it a descriptive name, then enter the URL or external resource location. Refresh rate is in minutes. The default is 5 minutes.

You can now see the ‘Zeus Tracker’ I created in the list of ‘Domain Name’.

Once inside ‘Security Profiles’ ‘DNS Filter’ you will see a ‘FortiGuard category based filter’ and ‘Remote Categories’. Ensure that you choose the proper action (e.g. Block).

Then ensure that your policy has the Security Profile enabled.

NOTE: Some of these categories are already part of the FortiGuard databse.