Description
This article describes the process of verifying the functionality of threat feed external connectors that are configured at both the global and VDOM levels.
Scope
FortiGate (Subsequent to FortiOS v7.0).
Solution
Following the introduction of a new feature in FortiOS version 7.0, once multi-VDOM mode is activated, the threat feed external connector can be configured either globally or within a specific VDOM.
Be aware that a threat feed external connector is restricted to use within the firewall policy of the specific VDOM in which it was created. Conversely, global threat feed external connectors are suitable for use in all VDOMs.
In the provided example, to validate the functionality of the threat feed within a Non-Management VDOM with direct internet access in a Multi-VDOM environment, the 'g-TESTTHREATFEED' threat feed external connector has been established at the global level.
Simultaneously, the 'Non_Mgmt_VDOM_TF' threat feeds external connector has been configured within a Non-Management VDOM.
Furthermore, both outbound firewall policies associated with their respective threat feed external connectors within the Non-Management VDOM have been set with the 'Deny' action:
After accessing websites that resolve to the existing IP addresses listed in those threats feed external connectors, the user encounters an error message in the browser, and the following forward traffic log entries are generated:
