FortiGate

FortiOS External Feed Connector Installation

Configure approved KDC IP, domain, and URL feeds as FortiGate External Connectors.

IntegrationExternal Feed Connector AccessPrivate connection details after approval
Controlled access

Apply to use KDC's secure feed infrastructure

KDC USOM Feed Service is available only to reviewed and approved organizations. After technical review and approval, the connection IP/FQDN, port, feed URLs, and vendor-specific values are delivered through a secure channel.

View the application process
1. Requirements

Before installation

Administrative accessExternal Connector, policy, security profile, and CLI access.
Source public IPThe actual public egress address used for feed access.
DNS and TLSThe KDC-provided FQDN and certificate chain must validate after approval.
Product eligibilityVerify that the deployed FortiOS version and licensing support External Feeds.
2. Source interface

Verify the egress path

  1. Identify the WAN or SD-WAN interface used for internet access.
  2. In multi-VDOM deployments, plan global or VDOM-specific connector scope.
  3. Enter the post-NAT public IP in the application form.
  4. Allow outbound access to the destination and port in the KDC approval document.
3. External Connectors

Create three feed objects

Use Security Fabric → External Connectors → Create New.

ObjectFortiGate typeSource
KDC-USOM-IPIP AddressIP Feed URL from the KDC approval document
KDC-USOM-DOMAINDomain NameDomain Feed URL from the KDC approval document
KDC-USOM-URLFortiGuard CategoryURL Feed URL from the KDC approval document

Use a 15-minute initial refresh interval or the interval specified by KDC.

4. Policy

Attach feeds to security controls

  • Use the IP feed as a source or destination address in firewall policy.
  • Use the domain feed in a DNS Filter Profile.
  • Use the URL feed as an external FortiGuard category in a Web Filter Profile with Block or Monitor.
5. Verification

Check connector state and entries

show system external-resource diagnose sys external-resource list

Confirm an active connector, current update time, and a non-zero entry count.

6. Troubleshooting

Down, Not Start, and Empty conditions

  • Verify the source public IP and egress interface.
  • Check DNS, TLS chain, and FortiGate system time.
  • Confirm the connector type matches the source-file format.
  • Review policy and security-profile references.
7. Rollback

Remove the integration safely

  1. Remove feed references from policies and profiles.
  2. Apply the change and review logs.
  3. Delete or disable connectors only after they are no longer referenced.
Vendor KB and official documentation

FortiGate references

Before implementation, also review the official administration guide, release notes, and capacity limits for the deployed product version.

External feedsDesteklenen feed türleri ve genel mimari. Configuring an external feedGUI üzerinden external connector oluşturma. External feed connectors per VDOMGlobal ve VDOM kapsamı. config system external-resourceFortiOS CLI referansı. Manual reload of an external threat feedManuel yenileme ve test. Connection status Not StartBaşlamayan connector sorun giderme. Behavior when feed URL is unreachableBağlantı kesintisinde liste davranışı.

The KDC guide does not replace vendor documentation. Menu names, license requirements, and supported capabilities can vary by product version and model.