FortiGate
hrahuman_FTNT
Article Id 191004

Description


External resources provide the capability to import an external blacklist file hosted on an HTTP server.

This article describes the external-resource database behavior when the HTTP web server is not reachable from FortiGate.


Scope

FortiGate.

Solution

FortiGate caches the last list/file retrieved from the web server. If the destination web server is unavailable or down, FortiGate uses the existing list from the cache.

If the FortiGate loses connectivity with the external server, the threat feed will continue to function despite the Connection Status error or reboot. However, the threat feed will not be updated and no new entries will be added until the connection is re-established.

FortiGate checks the web server at a fixed interval, which can be configured from the CLI as follows:

# config system external-resource
    edit <name>
        set refresh-rate <integer>
    end

<integer> is the time interval to refresh external resources (1 - 43200 min, default = 5 min).

So, if the HTTP web server is not reachable/down, the external resource database will continue to be used in the firewall policy until the FortiGate reboots or the Fabric entry is removed.
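
The following is an added example, not FortiOS code and not part of the original article: a simplified Python model of the last-known-good cache behavior described above, showing that entries published during an outage are not enforced until a refresh succeeds. The class name, method names and sample addresses are assumptions constructed for illustration; only the refresh-rate range and default come from the article.

```python
"""Simplified model of the cache-on-failure behavior (not FortiOS code)."""

REFRESH_MIN, REFRESH_MAX, REFRESH_DEFAULT = 1, 43200, 5  # minutes, per the article


class ThreatFeedCache:
    """Hypothetical client: keeps the last retrieved list while the server is down."""

    def __init__(self, refresh_rate=REFRESH_DEFAULT):
        if not REFRESH_MIN <= refresh_rate <= REFRESH_MAX:
            raise ValueError("refresh-rate must be 1 - 43200 minutes")
        self.refresh_rate = refresh_rate
        self.entries = frozenset()   # list currently enforced
        self.last_success = None     # minute of the last good retrieval
        self.connected = False       # stands in for the Connection Status

    def refresh(self, fetch, now):
        """Attempt one retrieval; on failure the cached list is left untouched."""
        try:
            body = fetch()
        except OSError:
            self.connected = False
            return False
        self.entries = frozenset(l.strip() for l in body.splitlines() if l.strip())
        self.last_success, self.connected = now, True
        return True

    def is_blocked(self, value):
        return value in self.entries

    def missed_refreshes(self, now):
        """Whole refresh intervals elapsed since the last good retrieval."""
        if self.last_success is None:
            return None
        return (now - self.last_success) // self.refresh_rate


def simulate():
    """Constructed scenario: server up at t=0, down at t=5..15, back at t=20."""
    feed = ThreatFeedCache(refresh_rate=5)
    published = "192.0.2.10\n198.51.100.7\n"      # constructed sample list

    def server_up():
        return published

    def server_down():
        raise ConnectionError("web server unreachable")  # subclass of OSError

    feed.refresh(server_up, now=0)
    published += "203.0.113.99\n"                 # added on the server during the outage
    for t in (5, 10, 15):
        feed.refresh(server_down, now=t)
    during = (feed.connected, feed.is_blocked("192.0.2.10"),
              feed.is_blocked("203.0.113.99"), feed.missed_refreshes(15))
    feed.refresh(server_up, now=20)
    after = (feed.connected, feed.is_blocked("203.0.113.99"), feed.missed_refreshes(20))
    return during, after
```

A count of missed refreshes like the one modeled here is a useful signal to alert on, since a feed that is still enforcing can hide the fact that it has stopped updating.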